AusCERT - Security Bulletins

Subscribe to the AusCERT - Security Bulletins feed
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Updated: 2 hours 13 minutes ago
20 April 2022

ESB-2022.1699 - [SUSE] icedtea-web: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1699
                      Security update for icedtea-web
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           icedtea-web
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10185 CVE-2019-10182 CVE-2019-10181

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221259-1

Comment: CVSS (Max):  8.8 CVE-2019-10181 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for icedtea-web
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1259-1
Rating:            important
References:        #1142825 #1142832 #1142835
Cross-References:  CVE-2019-10181 CVE-2019-10182 CVE-2019-10185
Affected Products:
                   SUSE Linux Enterprise Desktop 15-SP3
                   SUSE Linux Enterprise Desktop 15-SP4
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise High Performance Computing 15-SP4
                   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server 15-SP4
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications 15-SP4
                   SUSE Linux Enterprise Workstation Extension 15-SP3
                   SUSE Linux Enterprise Workstation Extension 15-SP4
                   SUSE Manager Proxy 4.2
                   SUSE Manager Server 4.2
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for icedtea-web fixes the following issues:

  o CVE-2019-10181: Fixed an issue where an attacker could inject unsigned
    code in a signed JAR file (bsc#1142835).
  o CVE-2019-10182: Fixed a path traversal issue where an attacker could
    upload arbitrary files by tricking a victim into running a specially
    crafted application (bsc#1142825).
  o CVE-2019-10185: Fixed an issue where an attacker could write files to
    arbitrary locations during JAR auto-extraction (bsc#1142832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1259=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1259=1
  o SUSE Linux Enterprise Workstation Extension 15-SP4:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1259=1
  o SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1259=1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1259=1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1259=1

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
       icedtea-web-1.7.2-150100.7.3.1
  o openSUSE Leap 15.4 (noarch):
       icedtea-web-javadoc-1.7.2-150100.7.3.1
  o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
       icedtea-web-1.7.2-150100.7.3.1
  o openSUSE Leap 15.3 (noarch):
       icedtea-web-javadoc-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
       icedtea-web-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
       icedtea-web-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
       icedtea-web-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
       icedtea-web-javadoc-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
       icedtea-web-1.7.2-150100.7.3.1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
       icedtea-web-javadoc-1.7.2-150100.7.3.1

References:

  o https://www.suse.com/security/cve/CVE-2019-10181.html
  o https://www.suse.com/security/cve/CVE-2019-10182.html
  o https://www.suse.com/security/cve/CVE-2019-10185.html
  o https://bugzilla.suse.com/1142825
  o https://bugzilla.suse.com/1142832
  o https://bugzilla.suse.com/1142835

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl+BYONLKJtyKPYoAQhnew//X8ZwND+Au0tpil73YKbPSa+eusJ94IzY
84uj6O/w9UQ08ybBB14gB5t2gbtz6o0VSjSwk00rc8bE55LxZmqmip/7J5nn9ox4
sm/KFaLlsoCvm1qJGjEMLGtjFFCx5kAYr5e7V/d6X8i+4Wj/19fCE2DOB/9aXnd2
BJguQ6L1RzeEp/7ppVcuVcR88S48KFcC6avzvK7olgqGSPyXebkWMPetjSSoWm2K
NCxBxYCTAmRjj2hZAOt0bJ9RPiEHoFfjI2Ukxp8g2tT41pwFOeT2w8RLOgRy9int
20zxTuQHsyF8PVFsq/PXF6Inxd0qZpndBROsg4YOHz6FwHAVnRXW3MbUz92P68uX
tDaCSp+ANVOHTttM+Kud98NVAjuiL2dm1zwZMFw19KQ/88BWTrgeANev2rNyh2k5
Bvj1qU/aZwQTnjirz9KeS7jDAE4QR2zIOtaON6ksbD1vq3sTh++dTjPb7fkRBV03
pANwWhGIqpjx9GCVf9TEiF1hYaJNHv1OAefPJNyIr4qMI7jd533LADBdbHW4Fcq9
Mw6nu3JdPzR0NgBNe6UJzz4y6Nlnl+F7LP4OOkcOJMXUQCCAsrQ5jktvCMoqYioA
vG4tHwjv21ly4Hy2637+1GwbEDc7RHSgYWBD+sGtpiqrtK8TSu3U1iaez2XJbr37
DZKaaSk7fiM=
=S8N6
-----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1698 - [SUSE] jsoup, jsr-305: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1698
                    Security update for jsoup, jsr-305
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jsoup, jsr-305
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-37714

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221265-1

Comment: CVSS (Max):  7.5 CVE-2021-37714 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for jsoup, jsr-305
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1265-1
Rating:            important
References:        #1189749
Cross-References:  CVE-2021-37714
Affected Products:
                   SUSE Enterprise Storage 7
                   SUSE Linux Enterprise Desktop 15-SP3
                   SUSE Linux Enterprise Desktop 15-SP4
                   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise High Performance Computing 15-SP4
                   SUSE Linux Enterprise Module for Development Tools 15-SP3
                   SUSE Linux Enterprise Module for Development Tools 15-SP4
                   SUSE Linux Enterprise Realtime Extension 15-SP2
                   SUSE Linux Enterprise Server 15-SP2-BCL
                   SUSE Linux Enterprise Server 15-SP2-LTSS
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server 15-SP4
                   SUSE Linux Enterprise Server for SAP 15-SP2
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications 15-SP4
                   SUSE Manager Proxy 4.1
                   SUSE Manager Proxy 4.2
                   SUSE Manager Retail Branch Server 4.1
                   SUSE Manager Server 4.1
                   SUSE Manager Server 4.2
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for jsoup, jsr-305 fixes the following issues:

  o CVE-2021-37714: Fixed an infinite loop when parsing untrusted HTML or
    XML data (bsc#1189749).

Changes in jsr-305:

  o Build with java source and target levels 8
  o Upgrade to upstream version 3.0.2

Changes in jsoup:

  o Upgrade to upstream version 1.14.2
  o Generate tarball using source service instead of a script

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1265=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1265=1
  o SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1265=1
  o SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1265=1
  o SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1265=1
  o SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1265=1
  o SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1265=1
  o SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1265=1
  o SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1265=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1265=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1265=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1265=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1265=1
  o SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-1265=1

Package List:

  o openSUSE Leap 15.4 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsoup-javadoc-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
       jsr-305-javadoc-3.0.2-150200.3.3.1
  o openSUSE Leap 15.3 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsoup-javadoc-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
       jsr-305-javadoc-3.0.2-150200.3.3.1
  o SUSE Manager Server 4.1 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Manager Retail Branch Server 4.1 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Manager Proxy 4.1 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1
  o SUSE Enterprise Storage 7 (noarch):
       jsoup-1.14.2-150200.3.3.1
       jsr-305-3.0.2-150200.3.3.1

References:

  o https://www.suse.com/security/cve/CVE-2021-37714.html
  o https://bugzilla.suse.com/1189749

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl+BVONLKJtyKPYoAQgW0xAAgSWQBYlKvn5Q9hXOYceqdaTGrLMGQudw
1JumkXoYW3ruoJ8Zfs5+wQ5ztVeyTZVh8LHonES0jm6BK6SzEUqCIaZqSZRDHYxt
vtoT040txc7FSCgSZqJzwhPHL6HFzDi8CHsSum9bHjK/sFPYKvbNC02165GNup7I
4wPvOdIGgYOLWi+/eKxlf7i605LN/IXfrXd8NThANvPTMVvQmZgIfsLOF6aV1Bao
nD8H01CqXd2pCPy1WJwgnubaOCiNZRRK3iP0TZWrs0E4CV3Wy0PQo4KE/lHTeBME
ZT3SKNVPS/d4Hnqe71wFrBQxmzXNP+nQf52YyzSnEOGDgQegnpTGz0E67HXhaeOh
HNzJR4NyHm3W1xlJ428xCjh6NR8DocNt0YRjxBwtVAgyDx1YFQyvED724OIqa6Dj
4zZ5GbSedXqPuHDIArik3pzZ+NluEurFXR2b0eABdDikbvn3VHatd/OvN7TG5SRs
UpVn+Ll/3HhNjQ2scase8MwcNzj6sJHWfTf8RgrrifUaPl/Ky7cb4A3OpJ3T/IVY
qbTy5QeVvUMlV6vCyhMi0fMBmmGorbja2iQQQBDCV5UeVpI3NcQ1q8glNogE4uce
5bckmG7Uu2jAQ57JxV8LEfgJx+c1ba5zZzW5S+zhf+o3HO/SkQ0ela3NgebQIONz
J34aVDIvcLM=
=hi4z
-----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1697 - [SUSE] netatalk: CVSS (Max): 8.8*

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1697
                       Security update for netatalk
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           netatalk
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-23125 CVE-2022-23121 CVE-2021-31439

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221184-1

Comment: CVSS (Max):  8.8* CVE-2021-31439 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for netatalk
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1184-1
Rating:            important
References:        #1197352
Cross-References:  CVE-2021-31439 CVE-2022-23121 CVE-2022-23125
Affected Products:
                   SUSE Linux Enterprise Desktop 12-SP5
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP Applications 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for netatalk fixes the following issues:

  o CVE-2022-23125: Fixed remote arbitrary code execution related to
    copyapplfile().
  o CVE-2022-23121: Fixed remote arbitrary code execution related to
    parse_entries().
  o CVE-2021-31439: Fixed remote arbitrary code execution related to
    dsi_stream_receive().

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1184=1
  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1184=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
       libatalk12-3.1.0-3.8.1
       libatalk12-debuginfo-3.1.0-3.8.1
       netatalk-3.1.0-3.8.1
       netatalk-debuginfo-3.1.0-3.8.1
       netatalk-debugsource-3.1.0-3.8.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
       libatalk12-3.1.0-3.8.1
       libatalk12-debuginfo-3.1.0-3.8.1
       netatalk-3.1.0-3.8.1
       netatalk-debuginfo-3.1.0-3.8.1
       netatalk-debugsource-3.1.0-3.8.1
       netatalk-devel-3.1.0-3.8.1

References:

  o https://www.suse.com/security/cve/CVE-2021-31439.html
  o https://www.suse.com/security/cve/CVE-2022-23121.html
  o https://www.suse.com/security/cve/CVE-2022-23125.html
  o https://bugzilla.suse.com/1197352

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl+BSeNLKJtyKPYoAQiQUxAAkz+0ZPTV9VkGkULZ/LJt/FKWWczNzWOe
B6XV9S5bXjkCXPKPPxSYQDY3O7KwlMzQrnRruhWD6rLlP061o29ChVoc1TEc5oWC
JwIdyWgFQTKRcNQINf8vlJ5GIvtOcWH95rPlUg5vWr8fWEBpPJQu7lAklNe3qG4F
sxHmGBnVwwTz6AkmLXRWD+qmSTZEfxMwhK8I54DdkPeZ8AxfSLpiFkaMaOWryTFv
+zrX385It9snO/qLVXu/mjIpMvY+81d3qNLdF6Tcf6FcIHH5snPvMw81d5hsXN3x
uEMXDLW1p9+wWfUfFAK0kHF1Wi8oRrl2y7xjV9X3bC8ikoDRUzaNw+bOypGX2/r2
E/B+M6Y1yXDTBatzS8tMo0jh6I6uCKO0/5ykkCsVIWplv97I1YfBfSwA/nPO16f0
kbU23cOlp0ORl5So3VL6gQMIQaV18zx4q674zp9kwK/lIqbjvGJfo7hU9zpSdRBr
B8M5wQrNFtCI2tQa01Ki8H/gLxogqetG0V6nYJZiNad3Mj7MdKXYC00o6t8qWsXc
tzsBQrus+ERfbv32QJGez5f2zrnCZ9+4sKoAinVcVapOjjBoXgMU86NZqiHhtHgp
/thGZdqrvLtjT1J6T4CX1RVrHqmzvLxhOgNl0hHKyV8j2NLLl3hcpWBM+N5pTDyH
ouM8ccvfkUY=
=qZrj
-----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1696 - [SUSE] openjpeg2: CVSS (Max): 7.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1696
                       Security update for openjpeg2
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openjpeg2
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1122 CVE-2021-29338 CVE-2020-27823
                   CVE-2020-15389 CVE-2020-8112 CVE-2020-6851
                   CVE-2018-20845 CVE-2018-16376 CVE-2018-16375
                   CVE-2018-14423 CVE-2018-6616 CVE-2018-5785
                   CVE-2018-5727

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221252-1

Comment: CVSS (Max):  7.8 CVE-2020-6851 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for openjpeg2
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1252-1
Rating:            important
References:        #1076314 #1076967 #1079845 #1102016 #1106881 #1106882
                   #1140130 #1160782 #1162090 #1173578 #1180457 #1184774
                   #1197738
Cross-References:  CVE-2018-14423 CVE-2018-16375 CVE-2018-16376
                   CVE-2018-20845 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616
                   CVE-2020-15389 CVE-2020-27823 CVE-2020-6851 CVE-2020-8112
                   CVE-2021-29338 CVE-2022-1122
Affected Products:
                   SUSE CaaS Platform 4.0
                   SUSE Enterprise Storage 6
                   SUSE Enterprise Storage 7
                   SUSE Linux Enterprise Desktop 15-SP3
                   SUSE Linux Enterprise Desktop 15-SP4
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise High Performance Computing 15-SP4
                   SUSE Linux Enterprise Module for Basesystem 15-SP3
                   SUSE Linux Enterprise Module for Basesystem 15-SP4
                   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                   SUSE Linux Enterprise Realtime Extension 15-SP2
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server 15-SP2-BCL
                   SUSE Linux Enterprise Server 15-SP2-LTSS
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server 15-SP4
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server for SAP 15-SP2
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications 15-SP4
                   SUSE Manager Proxy 4.1
                   SUSE Manager Proxy 4.2
                   SUSE Manager Retail Branch Server 4.1
                   SUSE Manager Server 4.1
                   SUSE Manager Server 4.2
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for openjpeg2 fixes the following issues:

  o CVE-2018-5727: Fixed integer overflow vulnerability in the
    opj_t1_encode_cblks function (bsc#1076314).
  o CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds left
    shift in the opj_j2k_setup_encoder function (bsc#1076967).
  o CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks
    function of openjp2/t1.c (bsc#1079845).
  o CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions
    pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c
    (bsc#1102016).
  o CVE-2018-16375: Fixed missing checks for header_info.height and
    header_info.width in the function pnmtoimage in bin/jpwl/convert.c
    (bsc#1106882).
  o CVE-2018-16376: Fixed heap-based buffer overflow in the function
    t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
  o CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl,
    pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
  o CVE-2020-6851: Fixed heap-based buffer overflow in
    opj_t1_clbl_decode_processor (bsc#1160782).
  o CVE-2020-8112: Fixed heap-based buffer overflow in
    opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
  o CVE-2020-15389: Fixed use-after-free when a mix of valid and invalid
    files is in a directory operated on by the decompressor (bsc#1173578).
  o CVE-2020-27823: Fixed heap buffer over-write in
    opj_tcd_dc_level_shift_encode() (bsc#1180457).
  o CVE-2021-29338: Fixed integer overflow that allows remote attackers to
    crash the application (bsc#1184774).
  o CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to an
    uninitialized pointer (bsc#1197738).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1252=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1252=1
  o SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1252=1
  o SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1252=1
  o SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1252=1
  o SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1252=1
  o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1252=1
  o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1252=1
  o SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1252=1
  o SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1252=1
  o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1252=1
  o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1252=1
  o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1252=1
  o SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1252=1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1252=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1252=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1
  o SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-1252=1
  o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-1252=1
  o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o openSUSE Leap 15.4 (x86_64):
       libopenjp2-7-32bit-2.3.0-150000.3.5.1
       libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
  o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o openSUSE Leap 15.3 (x86_64):
       libopenjp2-7-32bit-2.3.0-150000.3.5.1
       libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
  o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Manager Retail Branch Server 4.1 (x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Manager Proxy 4.1 (x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
       libopenjp2-7-32bit-2.3.0-150000.3.5.1
       libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
       libopenjp2-7-2.3.0-150000.3.5.1
       libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-2.3.0-150000.3.5.1
       openjpeg2-debuginfo-2.3.0-150000.3.5.1
       openjpeg2-debugsource-2.3.0-150000.3.5.1
       openjpeg2-devel-2.3.0-150000.3.5.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Enterprise Storage 7 (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE Enterprise Storage 6 
(aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 o SUSE CaaS Platform 4.0 (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 References: o https://www.suse.com/security/cve/CVE-2018-14423.html o https://www.suse.com/security/cve/CVE-2018-16375.html o https://www.suse.com/security/cve/CVE-2018-16376.html o https://www.suse.com/security/cve/CVE-2018-20845.html o https://www.suse.com/security/cve/CVE-2018-5727.html o https://www.suse.com/security/cve/CVE-2018-5785.html o https://www.suse.com/security/cve/CVE-2018-6616.html o https://www.suse.com/security/cve/CVE-2020-15389.html o https://www.suse.com/security/cve/CVE-2020-27823.html o https://www.suse.com/security/cve/CVE-2020-6851.html o https://www.suse.com/security/cve/CVE-2020-8112.html o https://www.suse.com/security/cve/CVE-2021-29338.html o https://www.suse.com/security/cve/CVE-2022-1122.html o https://bugzilla.suse.com/1076314 o https://bugzilla.suse.com/1076967 o https://bugzilla.suse.com/1079845 o https://bugzilla.suse.com/1102016 o https://bugzilla.suse.com/1106881 o https://bugzilla.suse.com/1106882 o https://bugzilla.suse.com/1140130 o https://bugzilla.suse.com/1160782 o https://bugzilla.suse.com/1162090 o https://bugzilla.suse.com/1173578 o https://bugzilla.suse.com/1180457 o https://bugzilla.suse.com/1184774 o https://bugzilla.suse.com/1197738 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. 
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. 
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYl+BP+NLKJtyKPYoAQjJLxAAkflIEAHTp5LJGgL8Ht4yPJA6yRMIHOI2 HL4lQWh10JotfHwfb+/HgW2lAF+MkWJImSzP/9qRaGDQ/4sgRxWnwlVpO4UzwvRG 9GZgr+t9uN/MPN8fkvJN5T9ilOxRVlPXRDbAMq8hSPyeYqTKR3E5AhtfW5ykMEqt XMalj16fr8JWiPePJtNYyBNiRTJnN9C5Hl8pdA4mYSbvtLV8OgfArRKwKjGZMGIc PtNM5romJPcxYAnd50UDQR+jywccOFwxB4bi/yvfacwchMPJJLumRwzsoYMx/aKu 3tKevLjU+Sr9HqybvbRDCkb2ilLI+BuMVOcMveVJXWb5U1Mfb+aRSzCOctfWDY+h GQyzfumXqlTzmvYuCjrWvN8dXJWabCgI/vStysEgcj05/UiqZs/yb/wPk4OI2grH XvqGAlF8YE/wkMhq2svbgJhGUGu3XeYjOikM6nW3LwNPOnx0zNu05NWDPQMW0Ht7 byVpJlB+mV2nSrbM8x/JFf3gkGY2cBCtHJftZhw4459poT+NmBb6N7L+kDhHIr0d 9MdgdL2rENwF7jBMyWsxtfMbsIz0jpuo9h3gYO5VU1uAa5il7y8bJd0jq00zgjd6 YJ+xwWU+8I1RkTWSCLxc/U/yiJwZckA7A6OFH7HLGxKh51V5hBpk3g2YO4FF90Mu gZsE+y6iRh0= =bINY -----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1695 - [SUSE] openssl-1_1: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1695
Security update for openssl-1_1
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: openssl-1_1
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0778

Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20220861-1

Comment: CVSS (Max): 7.5 CVE-2022-0778 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0861-1
Rating: important
References: #1182959 #1195149 #1195792 #1195856 #1196877
Cross-References: CVE-2022-0778
Affected Products: SUSE Linux Enterprise Micro 5.2
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for openssl-1_1 fixes the following issues:

openssl-1_1:

o CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
o Fix PAC pointer authentication in ARM (bsc#1195856)
o Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
o FIPS: Fix function and reason error codes (bsc#1182959)
o Enable zlib compression support (bsc#1195149)

glibc:

o Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1

linux-glibc-devel:

o Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

o Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

o Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-861=1

Package List:

o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glibc-2.31-150300.20.7 glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-locale-2.31-150300.20.7 glibc-locale-base-2.31-150300.20.7 glibc-locale-base-debuginfo-2.31-150300.20.7 libcrypt1-4.4.15-150300.4.2.41 libcrypt1-debuginfo-4.4.15-150300.4.2.41 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10

References:

o https://www.suse.com/security/cve/CVE-2022-0778.html
o https://bugzilla.suse.com/1182959
o https://bugzilla.suse.com/1195149
o https://bugzilla.suse.com/1195792
o https://bugzilla.suse.com/1195856
o https://bugzilla.suse.com/1196877

- --------------------------END INCLUDED TEXT--------------------
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl+BNeNLKJtyKPYoAQg4lhAApcovfKxcHDQUcJSPOclzssWAT/Lkox0y
3q6tfsSP+YypcGSCWoNaX/0gLcQ6X7/U9LGoYS3hpqcXUdKw2IpJujTTROvql1Pj
tCajW4WxiNskWRJAhyD+5ZX6KgeNW9HmzKIAG4K8c2utR35HbgSUuKfNBprcNcrM
aMoiRqjN6hJ4dWGmOaf5cAbZyU9UF2C8Iygx7XUugO4aF7XmXLYuVIJQFFEuIQp2
wwvPUtISRMbb265Pfpo81ZUwDzpNb1LavLL9bBlnwzI1ouL245TtxBt1SaV4PjQq
l/kG5aFj/GfkkH9p+4xOEfcnMOY+ygJE53yw/q577i6Ahf7Fz85YNJ8wAdMOHE0o
A3Hupda+ih/A7nh4YKZlkp1jPbX1lcQSJ/rC+g4uIbX1FzIWI6Ul2uH7s6IuEkoG
WlnL0dlHfsD0aArzf2cuO67e4v3lRNOfrMnmwkt0FkYkBD9QqevIpIz5mT6dvDjk
Ab+m+rEisKYgGkUkjtkx8EX6wk6XpRVUOQ6N5b8LgfdlMew54EaAFoIwBTIK/oZK
kzCgWYylooIX0/8Feeh6DLe9pD5978JwCh+Ka346ckLgvDXDPkZJC44C+RP8OUks
+rIQ6Q1vSuh5KB/zvg/UamG4XeH5x39bN6Q4PFIvRFqcvV77xKEKklasfmbWCEpL
fP0TKSKX+2M=
=DXdf
-----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1694 - [SUSE] sssd: CVSS (Max): 6.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1694
Security update for sssd
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: sssd
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3621

Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221258-1

Comment: CVSS (Max): 6.7 CVE-2021-3621 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for sssd
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1258-1
Rating: important
References: #1183735 #1189492 #1196564
Cross-References: CVE-2021-3621
Affected Products:
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves one vulnerability, contains one feature and has two fixes is now available.

Description:

This update for sssd fixes the following issues:

o CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492).
o Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773).

Non-security fixes:

o Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1258=1
o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1258=1
o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1258=1
o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1258=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-32bit-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1
o SUSE OpenStack Cloud 9 (x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-32bit-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libsss_nss_idmap-devel-1.16.1-4.40.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): libsss_idmap-devel-1.16.1-4.40.1

References:

o https://www.suse.com/security/cve/CVE-2021-3621.html
o https://bugzilla.suse.com/1183735
o https://bugzilla.suse.com/1189492
o https://bugzilla.suse.com/1196564

- --------------------------END INCLUDED TEXT--------------------
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl+BJuNLKJtyKPYoAQil3g//QFBzuh0A49GpfEOOhhJucEpSF/P3MGm+
YXWqpNlpaD/f+h01/HGTsdwZ7D2WqCVQsMi3mbZp4hwoJP0a9FP9lDqNN/Wcj1or
05g68Ro1oeH3/qHZNzMlBMllWsVKgq8X2xxstOVT1FAEqqtBput+IUnlzb26v65J
6T+tUzxO//ncoTaWUXkJkAClLEC/7lp7MhSTkCfnC6yo/W45bXd+hto9NASfyRn7
Yu8R5jlyIQMOJ1w7sr3fsGCQ3mw2Nv5r9+tUdeTVK7Nm+toICeTO4vmnUWd6l3uY
2n3tgA1W5ZITfKuzii7lOxOg/Vi9gMB/Pi2y2cVGdQaWOQ87R/fFEQklRTbSwrpQ
NZeCvtDlumUpc+AGwvbmbusuXzePNUDAxDQ9MZVYZHgXy19qLwhApAZsPe2jBNTi
oBffKrVCJsDM6rJbjHMHBVWBVUzzrOR2Any8gbmoiYQAH2TuUyzoHeUAh46RZo5C
a7VKQSfajHRXWUecDWCysXn054pK2A5X9FgndPGFyZZ6Exao5SC1aCPhVd8a9VHz
Bv93VKXLVgOBRCrH6yiBG8Umd9U4O5vsRmJni/opJ801Z2zQY+4MpB1S/CzrxF3g
YmWQ2Z+FTwNotQLDskW7+C4O/UfK1IJ4WPjzQEM70vtQgKdvF2f0B5Lrd7OLZWXY
OHocC1eajBY=
=gEpQ
-----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1693 - [SUSE] Linux Kernel: CVSS (Max): 7.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1693
Security update for the Linux Kernel
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-28390 CVE-2022-28389 CVE-2022-28388 CVE-2022-28356 CVE-2022-27666 CVE-2022-26966 CVE-2022-26490 CVE-2022-23042 CVE-2022-23041 CVE-2022-23040 CVE-2022-23039 CVE-2022-23038 CVE-2022-23037 CVE-2022-23036 CVE-2022-1048 CVE-2022-1016 CVE-2022-0850 CVE-2022-0812 CVE-2021-45868 CVE-2021-39713

Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221267-1

Comment: CVSS (Max): 7.7 CVE-2022-27666 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1267-1
Rating: important
References: #1180153 #1189562 #1193738 #1194943 #1195051 #1195353 #1196018 #1196114 #1196468 #1196488 #1196514 #1196573 #1196639 #1196761 #1196830 #1196836 #1196942 #1196973 #1197211 #1197227 #1197331 #1197366 #1197391 #1197462 #1198031 #1198032 #1198033
Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
Affected Products:
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise High Performance Computing 12-SP4
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated.

The following security bugs were fixed:

o CVE-2022-0812: Fixed incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
o CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
o CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
o CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
o CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel. (bnc#1198033)
o CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
o CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel. (bnc#1198032)
o CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel. (bnc#1198031)
o CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
o CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
o CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
o CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366)
o CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
o CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)

The following non-security bugs were fixed:

o ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
o genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
o llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
o net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
o net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
o net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
o sr9700: sanity check for packet length (bsc#1196836).
o tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
o tcp: change source port randomizarion at connect() time (bsc#1180153).
o usb: host: xen-hcd: add missing unlock in error path (git-fixes).
o x86/tsc: Make calibration refinement more robust (bsc#1196573).
o xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1267=1
o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1267=1
o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1267=1
o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1267=1
o SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1267=1
o SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1267=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1
o SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-default-devel-debuginfo-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1
o SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1
o SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-default-devel-debuginfo-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.96.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.96.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.96.1
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.96.1 kernel-default-kgraft-devel-4.12.14-95.96.1 kgraft-patch-4_12_14-95_96-default-1-6.3.1
o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.96.1 cluster-md-kmp-default-debuginfo-4.12.14-95.96.1 dlm-kmp-default-4.12.14-95.96.1 dlm-kmp-default-debuginfo-4.12.14-95.96.1 gfs2-kmp-default-4.12.14-95.96.1 gfs2-kmp-default-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 ocfs2-kmp-default-4.12.14-95.96.1 ocfs2-kmp-default-debuginfo-4.12.14-95.96.1

References:

o https://www.suse.com/security/cve/CVE-2021-39713.html
o https://www.suse.com/security/cve/CVE-2021-45868.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-0850.html
o https://www.suse.com/security/cve/CVE-2022-1016.html
o
https://www.suse.com/security/cve/CVE-2022-1048.html o https://www.suse.com/security/cve/CVE-2022-23036.html o https://www.suse.com/security/cve/CVE-2022-23037.html o https://www.suse.com/security/cve/CVE-2022-23038.html o https://www.suse.com/security/cve/CVE-2022-23039.html o https://www.suse.com/security/cve/CVE-2022-23040.html o https://www.suse.com/security/cve/CVE-2022-23041.html o https://www.suse.com/security/cve/CVE-2022-23042.html o https://www.suse.com/security/cve/CVE-2022-26490.html o https://www.suse.com/security/cve/CVE-2022-26966.html o https://www.suse.com/security/cve/CVE-2022-27666.html o https://www.suse.com/security/cve/CVE-2022-28356.html o https://www.suse.com/security/cve/CVE-2022-28388.html o https://www.suse.com/security/cve/CVE-2022-28389.html o https://www.suse.com/security/cve/CVE-2022-28390.html o https://bugzilla.suse.com/1180153 o https://bugzilla.suse.com/1189562 o https://bugzilla.suse.com/1193738 o https://bugzilla.suse.com/1194943 o https://bugzilla.suse.com/1195051 o https://bugzilla.suse.com/1195353 o https://bugzilla.suse.com/1196018 o https://bugzilla.suse.com/1196114 o https://bugzilla.suse.com/1196468 o https://bugzilla.suse.com/1196488 o https://bugzilla.suse.com/1196514 o https://bugzilla.suse.com/1196573 o https://bugzilla.suse.com/1196639 o https://bugzilla.suse.com/1196761 o https://bugzilla.suse.com/1196830 o https://bugzilla.suse.com/1196836 o https://bugzilla.suse.com/1196942 o https://bugzilla.suse.com/1196973 o https://bugzilla.suse.com/1197211 o https://bugzilla.suse.com/1197227 o https://bugzilla.suse.com/1197331 o https://bugzilla.suse.com/1197366 o https://bugzilla.suse.com/1197391 o https://bugzilla.suse.com/1197462 o https://bugzilla.suse.com/1198031 o https://bugzilla.suse.com/1198032 o https://bugzilla.suse.com/1198033 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. 
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. 
20 April 2022

ESB-2022.1692 - [SUSE] Linux Kernel: CVSS (Max): 7.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1692 Security update for the Linux Kernel 20 April 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-28390 CVE-2022-28389 CVE-2022-28388 CVE-2022-28356 CVE-2022-27666 CVE-2022-26966 CVE-2022-26490 CVE-2022-23042 CVE-2022-23041 CVE-2022-23040 CVE-2022-23039 CVE-2022-23038 CVE-2022-23037 CVE-2022-23036 CVE-2022-1048 CVE-2022-1016 CVE-2022-0850 CVE-2022-0812 CVE-2021-45868 CVE-2021-39713 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221266-1 Comment: CVSS (Max): 7.7 CVE-2022-27666 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1266-1 Rating: important References: #1065729 #1114648 #1180153 #1184207 #1189562 #1191428 #1191451 #1192273 #1193738 #1194163 #1194541 #1194580 #1194586 #1194590 #1194591 #1194943 #1195051 #1195353 #1195403 #1195480 #1195482 #1196018 #1196114 #1196339 #1196367 #1196468 #1196478 #1196488 #1196514 #1196639 #1196723 #1196761 #1196830 #1196836 #1196942 #1196973 #1196999 #1197099 #1197227 #1197331 #1197366 #1197391 #1197462 #1197531 #1197661 #1197675 #1197754 #1197755 #1197756 #1197757 #1197758 #1197760 #1197763 #1197806 #1197894 #1198031 #1198032 #1198033 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 
CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390

Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

o CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to cause a denial of service. (bnc#1197391)
o CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
o CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel. (bnc#1198031)
o CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel. (bnc#1198032)
o CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel. (bnc#1198033)
o CVE-2022-0812: Fixed an incorrect header size calculation which could lead to a memory leak. (bsc#1196639)
o CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to a use-after-free due to the AB/BA lock ordering of buffer_mutex and mmap_lock. (bsc#1197331)
o CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
o CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c which allowed attackers to obtain sensitive information from memory via crafted frame lengths from a USB device. (bsc#1196836)
o CVE-2022-27666: Fixed a buffer overflow vulnerability in the IPsec ESP transformation code. This flaw allowed a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
o CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366)
o CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
o CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
o CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory. (bsc#1196830)

The following non-security bugs were fixed:

o asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes).
o asix: Ensure asix_rx_fixup_info members are all reset (git-fixes).
o asix: Fix small memory leak in ax88772_unbind() (git-fixes).
o asix: fix uninit-value in asix_mdio_read() (git-fixes).
o asix: fix wrong return value in asix_check_host_enable() (git-fixes).
o ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
o block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
o block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
o can: dev: can_restart: fix use after free bug (git-fixes).
o cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723).
o cgroup: Correct privileges check in release_agent writes (bsc#1196723).
o cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723).
o dax: update to new mmu_notifier semantic (bsc#1184207).
o EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648).
o ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125). o ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc# SLE-24125). o ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc# SLE-24125). o ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). o ext4: check for inconsistent extents between index and leaf block (bsc# 1194163 bsc#1196339). o ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). o ext4: do not use the orphan list when migrating an inode (bsc#1197756). o ext4: fix an use-after-free issue about data=journal writeback mode (bsc# 1195482). o ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). o ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). o ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). o ext4: make sure quota gets properly shutdown on error (bsc#1195480). o ext4: prevent partial update of the extent blocks (bsc#1194163 bsc# 1196339). o ext4: update i_disksize if direct write past ondisk size (bsc#1197806). o fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl o genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). o gtp: fix an use-before-init in gtp_newlink() (git-fixes). 
o IB/core: Fix ODP get user pages flow (git-fixes) o IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes) o IB/hfi1: Adjust pkey entry in index 0 (git-fixes) o IB/hfi1: Correct guard on eager buffer deallocation (git-fixes) o IB/hfi1: Ensure pq is not left on waitlist (git-fixes) o IB/hfi1: Fix another case where pq is left on waitlist (git-fixes) o IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) o IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes) o IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) o IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes) o IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) o IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) o IB/qib: Use struct_size() helper (git-fixes) o IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes) o IB/umad: Return EIO in case of when device disassociated (git-fixes) o IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) o isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). o llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). o mdio: fix mdio-thunder.c dependency build error (git-fixes). o mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). o mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207). o mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207). o mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207). o net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). o net: asix: add proper error handling of usb read errors (git-fixes). o net: asix: fix uninit value bugs (git-fixes). o net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). o net: dp83867: Fix OF_MDIO config check (git-fixes). o net: dsa: bcm_sf2: put device node before return (git-fixes). 
o net: ena: Add capabilities field with support for ENI stats capability (bsc #1197099 jsc#SLE-24125). o net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc# SLE-24125). o net: ena: add device distinct log prefix to files (bsc#1197099 jsc# SLE-24125). o net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc# SLE-24125). o net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125). o net: ena: aggregate stats increase into a function (bsc#1197099 jsc# SLE-24125). o net: ena: Change ENI stats support check to use capabilities field (bsc# 1197099 jsc#SLE-24125). o net: ena: Change return value of ena_calc_io_queue_size() to void (bsc# 1197099 jsc#SLE-24125). o net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125). o net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125). o net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125). o net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc# SLE-24125). o net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125). o net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc# SLE-24125). o net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125). o net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125). o net: ena: introduce XDP redirect implementation (bsc#1197099 jsc# SLE-24125). o net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc# SLE-24125). o net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125). o net: ena: optimize data access in fast-path code (bsc#1197099 jsc# SLE-24125). o net: ena: re-organize code to improve readability (bsc#1197099 jsc# SLE-24125). o net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc# SLE-24125). o net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125). 
o net: ena: Remove module param and change message severity (bsc#1197099 jsc# SLE-24125). o net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125). o net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125). o net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125). o net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125). o net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125). o net: ena: use constant value for net_device allocation (bsc#1197099 jsc# SLE-24125). o net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc# SLE-24125). o net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc# SLE-24125). o net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125). o net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc# SLE-24125). o net: ethernet: Fix memleak in ethoc_probe (git-fixes). o net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). o net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes). o net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). o net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). o net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). o net: hns: fix return value check in __lb_other_process() (git-fixes). o net: marvell: Fix OF_MDIO config check (git-fixes). o net: mcs7830: handle usb read errors properly (git-fixes). o net: usb: asix: add error handling for asix_mdio_* functions (git-fixes). o net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc# 1196018). o net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). o net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). o netxen_nic: fix MSI/MSI-x interrupts (git-fixes). o NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). o NFS: Clamp WRITE offsets (git-fixes). 
o NFS: Do not report writeback errors in nfs_getattr() (git-fixes). o NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). o NFS: Do not skip directory entries when doing uncached readdir (git-fixes). o NFS: Fix another issue with a list iterator pointing to the head (git-fixes). o NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). o NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). o NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). o ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). o ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758). o powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc# ECO-2990). o powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). o powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc# 1196999 ltc#196609). o powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec# SLE-23780). o powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). o powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). o powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec# SLE-23780). o powerpc/sysdev: fix incorrect use to determine if list is empty (bsc# 1065729). o powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). o powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). o powerpc/xive: fix return value of __setup handler (bsc#1065729). o printk: Add panic_in_progress helper (bsc#1197894). o printk: disable optimistic spin during panic (bsc#1197894). o qed: select CONFIG_CRC32 (git-fixes). o quota: correct error number in free_dqentry() (bsc#1194590). 
o RDMA/addr: Be strict with gid size (git-fixes) o RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) o RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) o RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes) o RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) o RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) o RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) o RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes) o RDMA/core: Do not infoleak GRH fields (git-fixes) o RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes) o RDMA/cxgb4: add missing qpid increment (git-fixes) o RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) o RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) o RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) o RDMA/cxgb4: Set queue pair state when being queried (git-fixes) o RDMA/cxgb4: Validate the number of CQEs (git-fixes) o RDMA/hns: Add a check for current state before modifying QP (git-fixes) o RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes) o RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes) o RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes) o RDMA/hns: Validate the pkey index (git-fixes) o RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) o RDMA/ib_srp: Fix a deadlock (git-fixes) o RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) o RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes) o RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) o RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes) o RDMA/mlx5: Fix corruption of reg_pages in 
mlx5_ib_rereg_user_mr() (git-fixes) o RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) o RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes) o RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes) o RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes) o RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) o RDMA/qib: Remove superfluous fallthrough statements (git-fixes) o RDMA/rxe: Clear all QP fields if creation failed (git-fixes) o RDMA/rxe: Compute PSN windows correctly (git-fixes) o RDMA/rxe: Correct skb on loopback path (git-fixes) o RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) o RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) o RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) o RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) o RDMA/rxe: Fix failure during driver load (git-fixes) o RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) o RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) o RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes) o RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) o RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes) o RDMA/rxe: Fix wrong port_cap_flags (git-fixes) o RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes) o RDMA/rxe: Remove rxe_link_layer() (git-fixes) o RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) o RDMA/ucma: Fix locking for ctx->events_reported (git-fixes) o RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) o RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes) o RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) o s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). o s390/disassembler: increase ebpf disasm buffer size (git-fixes). o scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). 
o scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). o scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). o scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). o scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc# 1197675 bsc#1196478). o scsi: lpfc: Fix typos in comments (bsc#1197675). o scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). o scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc# 1196478). o scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). o scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). o scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). o scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc# 1197675). o scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). o scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). o scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc #1197675). o scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). o scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). o scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc# 1197675). o scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). o scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc# 1197675). o scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). o scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). 
o scsi: lpfc: Use fc_block_rport() (bsc#1197675). o scsi: lpfc: Use kcalloc() (bsc#1197675). o scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). o scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). o scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). o scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). o scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). o scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc# 1197661). o scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). o scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc# 1197661). o scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). o scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). o scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). o scsi: qla2xxx: Fix typos in comments (bsc#1197661). o scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). o scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). o scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). o scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). o scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc #1197661). o scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). o scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). o sr9700: sanity check for packet length (bsc#1196836). o SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). o SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). o SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc# 1197531). o tcp: add some entropy in __inet_hash_connect() (bsc#1180153). o tcp: change source port randomizarion at connect() time (bsc#1180153). o tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541). o tracing: Fix return value of __setup handlers (git-fixes). 
o USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). o USB: chipidea: fix interrupt deadlock (git-fixes). o USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). o USB: ftdi-elan: fix memory leak on device disconnect (git-fixes). o USB: host: xen-hcd: add missing unlock in error path (git-fixes). o USB: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). o USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). o USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). o USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). o USB: serial: option: add support for DW5829e (git-fixes). o USB: serial: option: add Telit LE910R1 compositions (git-fixes). o USB: serial: option: add ZTE MF286D modem (git-fixes). o USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). o USB: zaurus: support another broken Zaurus (git-fixes). o virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). o x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc# 1114648). o x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648). o xen/gntdev: update to new mmu_notifier semantic (bsc#1184207). o xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). o xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). o xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). o xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). o xhci: re-initialize the HC during resume if HCE was set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1266=1

Package List:

o SUSE Linux Enterprise Server 12-SP5 (x86_64):
  kernel-azure-4.12.14-16.94.1
  kernel-azure-base-4.12.14-16.94.1
  kernel-azure-base-debuginfo-4.12.14-16.94.1
  kernel-azure-debuginfo-4.12.14-16.94.1
  kernel-azure-debugsource-4.12.14-16.94.1
  kernel-azure-devel-4.12.14-16.94.1
  kernel-syms-azure-4.12.14-16.94.1

o SUSE Linux Enterprise Server 12-SP5 (noarch):
  kernel-devel-azure-4.12.14-16.94.1
  kernel-source-azure-4.12.14-16.94.1

References:

o https://www.suse.com/security/cve/CVE-2021-39713.html
o https://www.suse.com/security/cve/CVE-2021-45868.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-0850.html
o https://www.suse.com/security/cve/CVE-2022-1016.html
o https://www.suse.com/security/cve/CVE-2022-1048.html
o https://www.suse.com/security/cve/CVE-2022-23036.html
o https://www.suse.com/security/cve/CVE-2022-23037.html
o https://www.suse.com/security/cve/CVE-2022-23038.html
o https://www.suse.com/security/cve/CVE-2022-23039.html
o https://www.suse.com/security/cve/CVE-2022-23040.html
o https://www.suse.com/security/cve/CVE-2022-23041.html
o https://www.suse.com/security/cve/CVE-2022-23042.html
o https://www.suse.com/security/cve/CVE-2022-26490.html
o https://www.suse.com/security/cve/CVE-2022-26966.html
o https://www.suse.com/security/cve/CVE-2022-27666.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28388.html
o https://www.suse.com/security/cve/CVE-2022-28389.html
o https://www.suse.com/security/cve/CVE-2022-28390.html
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1180153
o https://bugzilla.suse.com/1184207
o https://bugzilla.suse.com/1189562
o https://bugzilla.suse.com/1191428
o https://bugzilla.suse.com/1191451
o https://bugzilla.suse.com/1192273
o https://bugzilla.suse.com/1193738
o https://bugzilla.suse.com/1194163
o https://bugzilla.suse.com/1194541
o https://bugzilla.suse.com/1194580
o https://bugzilla.suse.com/1194586
o https://bugzilla.suse.com/1194590
o https://bugzilla.suse.com/1194591
o https://bugzilla.suse.com/1194943
o https://bugzilla.suse.com/1195051
o https://bugzilla.suse.com/1195353
o https://bugzilla.suse.com/1195403
o https://bugzilla.suse.com/1195480
o https://bugzilla.suse.com/1195482
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196114
o https://bugzilla.suse.com/1196339
o https://bugzilla.suse.com/1196367
o https://bugzilla.suse.com/1196468
o https://bugzilla.suse.com/1196478
o https://bugzilla.suse.com/1196488
o https://bugzilla.suse.com/1196514
o https://bugzilla.suse.com/1196639
o https://bugzilla.suse.com/1196723
o https://bugzilla.suse.com/1196761
o https://bugzilla.suse.com/1196830
o https://bugzilla.suse.com/1196836
o https://bugzilla.suse.com/1196942
o https://bugzilla.suse.com/1196973
o https://bugzilla.suse.com/1196999
o https://bugzilla.suse.com/1197099
o https://bugzilla.suse.com/1197227
o https://bugzilla.suse.com/1197331
o https://bugzilla.suse.com/1197366
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1197462
o https://bugzilla.suse.com/1197531
o https://bugzilla.suse.com/1197661
o https://bugzilla.suse.com/1197675
o https://bugzilla.suse.com/1197754
o https://bugzilla.suse.com/1197755
o https://bugzilla.suse.com/1197756
o https://bugzilla.suse.com/1197757
o https://bugzilla.suse.com/1197758
o https://bugzilla.suse.com/1197760
o https://bugzilla.suse.com/1197763
o https://bugzilla.suse.com/1197806
o https://bugzilla.suse.com/1197894
o https://bugzilla.suse.com/1198031
o https://bugzilla.suse.com/1198032
o https://bugzilla.suse.com/1198033

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
20 April 2022

ESB-2022.1691 - [SUSE] Linux Kernel: CVSS (Max): 8.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1691
                    Security update for the Linux Kernel
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28748 CVE-2022-28390 CVE-2022-28389 CVE-2022-28388
                   CVE-2022-27666 CVE-2022-26966 CVE-2022-26490 CVE-2022-25375
                   CVE-2022-25258 CVE-2022-24959 CVE-2022-24958 CVE-2022-24448
                   CVE-2022-23042 CVE-2022-23041 CVE-2022-23040 CVE-2022-23039
                   CVE-2022-23038 CVE-2022-23037 CVE-2022-23036 CVE-2022-1055
                   CVE-2022-1048 CVE-2022-1016 CVE-2022-0854 CVE-2022-0850
                   CVE-2022-0644 CVE-2022-0617 CVE-2022-0516 CVE-2022-0492
                   CVE-2022-0487 CVE-2021-45868 CVE-2021-44879 CVE-2021-39698
                   CVE-2021-0920

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221257-1

Comment: CVSS (Max):  8.4 CVE-2022-1055 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1257-1
Rating:            important
References:        #1179639 #1189126 #1189562 #1193731 #1194516 #1194943
                   #1195051 #1195254 #1195286 #1195353 #1195403 #1195516
                   #1195543 #1195612 #1195897 #1195905 #1195939 #1195987
                   #1196018 #1196079 #1196095 #1196155 #1196196 #1196235
                   #1196468 #1196488 #1196612 #1196761 #1196776 #1196823
                   #1196830 #1196836 #1196956 #1197227 #1197331 #1197366
                   #1197389 #1197462 #1197702 #1198031 #1198032 #1198033
Cross-References:  CVE-2021-0920 CVE-2021-39698 CVE-2021-44879 CVE-2021-45868
                   CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617
                   CVE-2022-0644 CVE-2022-0850 CVE-2022-0854 CVE-2022-1016
                   CVE-2022-1048 CVE-2022-1055 CVE-2022-23036 CVE-2022-23037
                   CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041
                   CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959
                   CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966
                   CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
                   CVE-2022-28748
Affected Products:
                   SUSE Linux Enterprise Micro 5.0
                   SUSE Linux Enterprise Module for Realtime 15-SP2
                   SUSE Linux Enterprise Real Time 15-SP2
______________________________________________________________________________

An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

o CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823).
o CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel (bnc#1198032).
o CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel (bnc#1198033).
o CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel (bnc#1198031).
o CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to a use-after-free due to the AB/BA lock ordering of buffer_mutex and mmap_lock (bsc#1197331).
o CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to escalate privileges (bnc#1197702).
o CVE-2022-27666: Fixed a buffer overflow vulnerability in the IPsec ESP transformation code. This flaw allowed a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).
o CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366).
o CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c which allowed attackers to obtain sensitive information from memory via crafted frame lengths from a USB device (bsc#1196836).
o CVE-2021-39698: Fixed a possible memory corruption due to a use-after-free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956).
o CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).
o CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
o CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory (bsc#1196830).
o CVE-2022-0617: Fixed a null pointer dereference in the UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).
o CVE-2022-25375: Fixed missing validation of the size of the RNDIS_MSG_SET command in the RNDIS USB gadget, which allowed attackers to obtain sensitive information from kernel memory (bsc#1196235).
o CVE-2022-25258: Fixed missing validation of interface OS descriptor requests in the USB Gadget subsystem, which could have led to memory corruption (bsc#1196096).
o CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a NULL pointer dereference in move_data_page (bsc#1195987).
o CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
o CVE-2022-24958: Fixed a mishandled release of dev->buf in drivers/usb/gadget/legacy/inode.c (bsc#1195905).
o CVE-2022-0516: Fixed a missing check in a KVM-related ioctl on s390 that allowed kernel memory read/write (bsc#1195516).
o CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
o CVE-2022-0492: Fixed a privilege escalation related to the cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
o CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018).
o CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
o CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
o CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).

The following non-security bugs were fixed:

o cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
o gve: multiple bugfixes (jsc#SLE-23652).
o net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
o netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
o powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639).
o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
o scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).

Special Instructions and Notes:

Please reboot the system after installing this update.
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Realtime 15-SP2:
  zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-1257=1

o SUSE Linux Enterprise Micro 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1257=1

Package List:

o SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
  kernel-devel-rt-5.3.18-150200.79.2
  kernel-source-rt-5.3.18-150200.79.2

o SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
  cluster-md-kmp-rt-5.3.18-150200.79.2
  cluster-md-kmp-rt-debuginfo-5.3.18-150200.79.2
  dlm-kmp-rt-5.3.18-150200.79.2
  dlm-kmp-rt-debuginfo-5.3.18-150200.79.2
  gfs2-kmp-rt-5.3.18-150200.79.2
  gfs2-kmp-rt-debuginfo-5.3.18-150200.79.2
  kernel-rt-5.3.18-150200.79.2
  kernel-rt-debuginfo-5.3.18-150200.79.2
  kernel-rt-debugsource-5.3.18-150200.79.2
  kernel-rt-devel-5.3.18-150200.79.2
  kernel-rt-devel-debuginfo-5.3.18-150200.79.2
  kernel-rt_debug-5.3.18-150200.79.2
  kernel-rt_debug-debuginfo-5.3.18-150200.79.2
  kernel-rt_debug-debugsource-5.3.18-150200.79.2
  kernel-rt_debug-devel-5.3.18-150200.79.2
  kernel-rt_debug-devel-debuginfo-5.3.18-150200.79.2
  kernel-syms-rt-5.3.18-150200.79.1
  ocfs2-kmp-rt-5.3.18-150200.79.2
  ocfs2-kmp-rt-debuginfo-5.3.18-150200.79.2

o SUSE Linux Enterprise Micro 5.0 (x86_64):
  kernel-rt-5.3.18-150200.79.2
  kernel-rt-debuginfo-5.3.18-150200.79.2
  kernel-rt-debugsource-5.3.18-150200.79.2

References:

o https://www.suse.com/security/cve/CVE-2021-0920.html
o https://www.suse.com/security/cve/CVE-2021-39698.html
o https://www.suse.com/security/cve/CVE-2021-44879.html
o https://www.suse.com/security/cve/CVE-2021-45868.html
o https://www.suse.com/security/cve/CVE-2022-0487.html
o https://www.suse.com/security/cve/CVE-2022-0492.html
o https://www.suse.com/security/cve/CVE-2022-0516.html
o https://www.suse.com/security/cve/CVE-2022-0617.html
o https://www.suse.com/security/cve/CVE-2022-0644.html
o https://www.suse.com/security/cve/CVE-2022-0850.html
o https://www.suse.com/security/cve/CVE-2022-0854.html
o https://www.suse.com/security/cve/CVE-2022-1016.html
o https://www.suse.com/security/cve/CVE-2022-1048.html
o https://www.suse.com/security/cve/CVE-2022-1055.html
o https://www.suse.com/security/cve/CVE-2022-23036.html
o https://www.suse.com/security/cve/CVE-2022-23037.html
o https://www.suse.com/security/cve/CVE-2022-23038.html
o https://www.suse.com/security/cve/CVE-2022-23039.html
o https://www.suse.com/security/cve/CVE-2022-23040.html
o https://www.suse.com/security/cve/CVE-2022-23041.html
o https://www.suse.com/security/cve/CVE-2022-23042.html
o https://www.suse.com/security/cve/CVE-2022-24448.html
o https://www.suse.com/security/cve/CVE-2022-24958.html
o https://www.suse.com/security/cve/CVE-2022-24959.html
o https://www.suse.com/security/cve/CVE-2022-25258.html
o https://www.suse.com/security/cve/CVE-2022-25375.html
o https://www.suse.com/security/cve/CVE-2022-26490.html
o https://www.suse.com/security/cve/CVE-2022-26966.html
o https://www.suse.com/security/cve/CVE-2022-27666.html
o https://www.suse.com/security/cve/CVE-2022-28388.html
o https://www.suse.com/security/cve/CVE-2022-28389.html
o https://www.suse.com/security/cve/CVE-2022-28390.html
o https://www.suse.com/security/cve/CVE-2022-28748.html
o https://bugzilla.suse.com/1179639
o https://bugzilla.suse.com/1189126
o https://bugzilla.suse.com/1189562
o https://bugzilla.suse.com/1193731
o https://bugzilla.suse.com/1194516
o https://bugzilla.suse.com/1194943
o https://bugzilla.suse.com/1195051
o https://bugzilla.suse.com/1195254
o https://bugzilla.suse.com/1195286
o https://bugzilla.suse.com/1195353
o https://bugzilla.suse.com/1195403
o https://bugzilla.suse.com/1195516
o https://bugzilla.suse.com/1195543
o https://bugzilla.suse.com/1195612
o https://bugzilla.suse.com/1195897
o https://bugzilla.suse.com/1195905
o https://bugzilla.suse.com/1195939
o https://bugzilla.suse.com/1195987
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196079
o https://bugzilla.suse.com/1196095
o https://bugzilla.suse.com/1196155
o https://bugzilla.suse.com/1196196
o https://bugzilla.suse.com/1196235
o https://bugzilla.suse.com/1196468
o https://bugzilla.suse.com/1196488
o https://bugzilla.suse.com/1196612
o https://bugzilla.suse.com/1196761
o https://bugzilla.suse.com/1196776
o https://bugzilla.suse.com/1196823
o https://bugzilla.suse.com/1196830
o https://bugzilla.suse.com/1196836
o https://bugzilla.suse.com/1196956
o https://bugzilla.suse.com/1197227
o https://bugzilla.suse.com/1197331
o https://bugzilla.suse.com/1197366
o https://bugzilla.suse.com/1197389
o https://bugzilla.suse.com/1197462
o https://bugzilla.suse.com/1197702
o https://bugzilla.suse.com/1198031
o https://bugzilla.suse.com/1198032
o https://bugzilla.suse.com/1198033

- --------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1690 - [SUSE] Linux Kernel: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1690
                    Security update for the Linux Kernel
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28390 CVE-2022-28389 CVE-2022-28388 CVE-2022-28356
                   CVE-2022-26966 CVE-2022-26490 CVE-2022-23042 CVE-2022-23041
                   CVE-2022-23040 CVE-2022-23039 CVE-2022-23038 CVE-2022-23037
                   CVE-2022-23036 CVE-2022-1048 CVE-2022-1016 CVE-2022-0850
                   CVE-2022-0812 CVE-2021-45868 CVE-2021-39713

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221256-1

Comment: CVSS (Max):  7.5 CVE-2022-23042 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1256-1
Rating:            important
References:        #1189562 #1193738 #1194943 #1195051 #1195254 #1195353
                   #1196018 #1196114 #1196433 #1196468 #1196488 #1196514
                   #1196639 #1196761 #1196830 #1196836 #1196942 #1196973
                   #1197227 #1197331 #1197366 #1197391 #1198031 #1198032
                   #1198033
Cross-References:  CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850
                   CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037
                   CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041
                   CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-28356
                   CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
Affected Products:
                   SUSE CaaS Platform 4.0
                   SUSE Enterprise Storage 6
                   SUSE Linux Enterprise High Availability 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Server 15-SP1
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server for SAP Applications 15-SP1
                   SUSE Manager Proxy 4.0
                   SUSE Manager Retail Branch Server 4.0
                   SUSE Manager Server 4.0
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

o CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
o CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
o CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel (bnc#1198032).
o CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel (bnc#1198033).
o CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel (bnc#1198031).
o CVE-2022-0812: Fixed an incorrect header size calculation in xprtrdma (bsc#1196639).
o CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to a use-after-free due to the AB/BA lock ordering of buffer_mutex and mmap_lock (bsc#1197331).
o CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
o CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c which allowed attackers to obtain sensitive information from memory via crafted frame lengths from a USB device (bsc#1196836).
o CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366).
o CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
o CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
o CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

o ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
o genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
o gve/net: Fixed multiple bugs (jsc#SLE-23652).
o net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
o net: tipc: validate domain record count on input (bsc#1195254).
o powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-1256=1

o openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-1256=1

o SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1

o SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1

o SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1

o SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1

o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1

o SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1

o SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-1256=1

o SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-4.12.14-150100.197.111.1
  kernel-vanilla-base-4.12.14-150100.197.111.1
  kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-debugsource-4.12.14-150100.197.111.1
  kernel-vanilla-devel-4.12.14-150100.197.111.1
  kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1

o openSUSE Leap 15.4 (ppc64le x86_64):
  kernel-debug-base-4.12.14-150100.197.111.1
  kernel-debug-base-debuginfo-4.12.14-150100.197.111.1

o openSUSE Leap 15.4 (x86_64):
  kernel-kvmsmall-base-4.12.14-150100.197.111.1
  kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1

o openSUSE Leap 15.4 (s390x):
  kernel-default-man-4.12.14-150100.197.111.1
  kernel-zfcpdump-man-4.12.14-150100.197.111.1

o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-4.12.14-150100.197.111.1
  kernel-vanilla-base-4.12.14-150100.197.111.1
  kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-debugsource-4.12.14-150100.197.111.1
  kernel-vanilla-devel-4.12.14-150100.197.111.1
  kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1

o openSUSE Leap 15.3 (ppc64le x86_64):
  kernel-debug-base-4.12.14-150100.197.111.1
  kernel-debug-base-debuginfo-4.12.14-150100.197.111.1

o openSUSE Leap 15.3 (x86_64):
  kernel-kvmsmall-base-4.12.14-150100.197.111.1
  kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1

o openSUSE Leap 15.3 (s390x):
  kernel-default-man-4.12.14-150100.197.111.1
  kernel-zfcpdump-man-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  kernel-default-4.12.14-150100.197.111.1
  kernel-default-base-4.12.14-150100.197.111.1
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debugsource-4.12.14-150100.197.111.1
  kernel-default-devel-4.12.14-150100.197.111.1
  kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-obs-build-4.12.14-150100.197.111.1
  kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  kernel-syms-4.12.14-150100.197.111.1
  reiserfs-kmp-default-4.12.14-150100.197.111.1
  reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  kernel-devel-4.12.14-150100.197.111.1
  kernel-docs-4.12.14-150100.197.111.1
  kernel-macros-4.12.14-150100.197.111.1
  kernel-source-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-150100.197.111.1
  kernel-default-base-4.12.14-150100.197.111.1
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debugsource-4.12.14-150100.197.111.1
  kernel-default-devel-4.12.14-150100.197.111.1
  kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-obs-build-4.12.14-150100.197.111.1
  kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  kernel-syms-4.12.14-150100.197.111.1
  reiserfs-kmp-default-4.12.14-150100.197.111.1
  reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  kernel-devel-4.12.14-150100.197.111.1
  kernel-docs-4.12.14-150100.197.111.1
  kernel-macros-4.12.14-150100.197.111.1
  kernel-source-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
  kernel-default-man-4.12.14-150100.197.111.1
  kernel-zfcpdump-debuginfo-4.12.14-150100.197.111.1
  kernel-zfcpdump-debugsource-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
  kernel-devel-4.12.14-150100.197.111.1
  kernel-docs-4.12.14-150100.197.111.1
  kernel-macros-4.12.14-150100.197.111.1
  kernel-source-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  kernel-default-4.12.14-150100.197.111.1
  kernel-default-base-4.12.14-150100.197.111.1
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debugsource-4.12.14-150100.197.111.1
  kernel-default-devel-4.12.14-150100.197.111.1
  kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-obs-build-4.12.14-150100.197.111.1
  kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  kernel-syms-4.12.14-150100.197.111.1
  reiserfs-kmp-default-4.12.14-150100.197.111.1
  reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1

o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debugsource-4.12.14-150100.197.111.1
  kernel-default-livepatch-4.12.14-150100.197.111.1
  kernel-default-livepatch-devel-4.12.14-150100.197.111.1
  kernel-livepatch-4_12_14-150100_197_111-default-1-150100.3.3.1

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  kernel-default-4.12.14-150100.197.111.1
  kernel-default-base-4.12.14-150100.197.111.1
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debuginfo-4.12.14-150100.197.111.1
  kernel-default-debugsource-4.12.14-150100.197.111.1
  kernel-default-devel-4.12.14-150100.197.111.1
  kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
  kernel-obs-build-4.12.14-150100.197.111.1
  kernel-obs-build-debugsource-4.12.14-150100.197.111.1
  kernel-syms-4.12.14-150100.197.111.1

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  kernel-devel-4.12.14-150100.197.111.1
  kernel-docs-4.12.14-150100.197.111.1
  kernel-macros-4.12.14-150100.197.111.1
  kernel-source-4.12.14-150100.197.111.1

o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  kernel-default-4.12.14-150100.197.111.1
  kernel-default-base-4.12.14-150100.197.111.1
  kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.111.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.111.1 dlm-kmp-default-4.12.14-150100.197.111.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.111.1 gfs2-kmp-default-4.12.14-150100.197.111.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 ocfs2-kmp-default-4.12.14-150100.197.111.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1 o SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 o SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 o SUSE CaaS Platform 4.0 (noarch): 
kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 o SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 References: o https://www.suse.com/security/cve/CVE-2021-39713.html o https://www.suse.com/security/cve/CVE-2021-45868.html o https://www.suse.com/security/cve/CVE-2022-0812.html o https://www.suse.com/security/cve/CVE-2022-0850.html o https://www.suse.com/security/cve/CVE-2022-1016.html o https://www.suse.com/security/cve/CVE-2022-1048.html o https://www.suse.com/security/cve/CVE-2022-23036.html o https://www.suse.com/security/cve/CVE-2022-23037.html o https://www.suse.com/security/cve/CVE-2022-23038.html o https://www.suse.com/security/cve/CVE-2022-23039.html o https://www.suse.com/security/cve/CVE-2022-23040.html o https://www.suse.com/security/cve/CVE-2022-23041.html o https://www.suse.com/security/cve/CVE-2022-23042.html o https://www.suse.com/security/cve/CVE-2022-26490.html o https://www.suse.com/security/cve/CVE-2022-26966.html o https://www.suse.com/security/cve/CVE-2022-28356.html o https://www.suse.com/security/cve/CVE-2022-28388.html o https://www.suse.com/security/cve/CVE-2022-28389.html o https://www.suse.com/security/cve/CVE-2022-28390.html o https://bugzilla.suse.com/1189562 o https://bugzilla.suse.com/1193738 o https://bugzilla.suse.com/1194943 o https://bugzilla.suse.com/1195051 o 
https://bugzilla.suse.com/1195254 o https://bugzilla.suse.com/1195353 o https://bugzilla.suse.com/1196018 o https://bugzilla.suse.com/1196114 o https://bugzilla.suse.com/1196433 o https://bugzilla.suse.com/1196468 o https://bugzilla.suse.com/1196488 o https://bugzilla.suse.com/1196514 o https://bugzilla.suse.com/1196639 o https://bugzilla.suse.com/1196761 o https://bugzilla.suse.com/1196830 o https://bugzilla.suse.com/1196836 o https://bugzilla.suse.com/1196942 o https://bugzilla.suse.com/1196973 o https://bugzilla.suse.com/1197227 o https://bugzilla.suse.com/1197331 o https://bugzilla.suse.com/1197366 o https://bugzilla.suse.com/1197391 o https://bugzilla.suse.com/1198031 o https://bugzilla.suse.com/1198032 o https://bugzilla.suse.com/1198033 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. 
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYl+A9ONLKJtyKPYoAQhKYA//ZQR2eVEsy/We3smMmZ+9rnJSvB3xL+Tu HJj/jtXBxosXxTyqrglC9EdLIpqJsQrhcyfvxeDe5IzNoxDLvJ0yCchNeDb/RpPS zXnZud86JD8xeZi6pC0xHlal5iwEk00MJKm2PrxMEmA4/XPJ0bP2M1cARY5SWq/a oSa0F9NjjOCyPZEHtbky4x3rPJV1Mvz5U+28NG1LuHYejsl1klGbvmRVEBqgYJcB 0aDI/QYRrkGG6LZhX67/q/Z1A+EXHfpMsaOCTH9ogrVTJCB1Pwe+Lc0qM5DVYnIR NRYGn70g51hb2LBU6YwSOGEKEhIJSEOkipZS5QjZdp+fx4EGnWRGAQd4C9iL7+qs 49Qz5onu3+s69susHsb3R+rT77tp83/YDs++2fgSPdhb9rwt6GSYA0UJX/MuWxJ/ HcpN0Pok22oI3PCmX40l3ELeKL+FJhBJ3XOIW0Jz1fBJdNlaUhClI9indDYHB4gC 0UcYhpq+4mvB2o+cAEVgoi0AJtuIecXN/0htXptnICriLZNiA7Ih3d2bR4ApVvN9 BGRJw+c0vG03sjzlU88zzpB4GLZwkE3ZpXFPlvd3vzk8KUefpFLAPhlUqqZZrxj5 cgxnbWcTCuJaa/2ER3KWPaP4difM2Ml33ty8DFGEUEl3BxI3cA1B5MItlT0gICPr UbQ31qNsdR8= =XfpL -----END PGP SIGNATURE-----
20 April 2022

ESB-2022.1689 - [SUSE] Linux Kernel: CVSS (Max): 7.5

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.1689
Security update for the Linux Kernel
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28390 CVE-2022-28389 CVE-2022-28388 CVE-2022-28356
                   CVE-2022-27666 CVE-2022-26966 CVE-2022-26490 CVE-2022-23042
                   CVE-2022-23041 CVE-2022-23040 CVE-2022-23039 CVE-2022-23038
                   CVE-2022-23037 CVE-2022-23036 CVE-2022-1048 CVE-2022-1016
                   CVE-2022-0886 CVE-2022-0850 CVE-2022-0812 CVE-2021-45868
                   CVE-2021-39713
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221255-1

Comment: CVSS (Max):  7.5 CVE-2022-23042 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1255-1
Rating:            important
References:        #1189562 #1194943 #1195051 #1195353 #1196018 #1196114
                   #1196468 #1196488 #1196514 #1196639 #1196761 #1196830
                   #1196836 #1196942 #1196973 #1197131 #1197227 #1197331
                   #1197366 #1197391 #1198031 #1198032 #1198033
Cross-References:  CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850
                   CVE-2022-0886 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036
                   CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040
                   CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966
                   CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
Affected Products:
    SUSE Linux Enterprise High Availability 15
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

o CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
o CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
o CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel (bnc#1198033).
o CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel (bnc#1198032).
o CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel (bnc#1198031).
o CVE-2022-0812: Fixed incorrect header size calculations in xprtrdma (bsc#1196639).
o CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to a use-after-free, caused by AB/BA lock ordering between buffer_mutex and mmap_lock (bsc#1197331).
o CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
o CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c which allowed attackers to obtain sensitive information from memory via crafted frame lengths from a USB device (bsc#1196836).
o CVE-2022-0886: Fixed a possible buffer overflow in ESP transformation (bsc#1197131).
o CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366).
o CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
o CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
o CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory (bsc#1196830).

The following non-security bugs were fixed:

o ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
o macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
o net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
o net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
o net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
o rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
o sr9700: sanity check for packet length (bsc#1196836).
o usb: host: xen-hcd: add missing unlock in error path (git-fixes).
o xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1255=1
o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1255=1
o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1255=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1255=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1255=1
o SUSE Linux Enterprise High Availability 15:
    zypper in -t patch SUSE-SLE-Product-HA-15-2022-1255=1

Package List:

o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    kernel-default-4.12.14-150000.150.89.1
    kernel-default-base-4.12.14-150000.150.89.1
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    kernel-default-devel-4.12.14-150000.150.89.1
    kernel-default-devel-debuginfo-4.12.14-150000.150.89.1
    kernel-obs-build-4.12.14-150000.150.89.1
    kernel-obs-build-debugsource-4.12.14-150000.150.89.1
    kernel-syms-4.12.14-150000.150.89.1
    kernel-vanilla-base-4.12.14-150000.150.89.1
    kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debugsource-4.12.14-150000.150.89.1
    reiserfs-kmp-default-4.12.14-150000.150.89.1
    reiserfs-kmp-default-debuginfo-4.12.14-150000.150.89.1

o SUSE Linux Enterprise Server for SAP 15 (noarch):
    kernel-devel-4.12.14-150000.150.89.1
    kernel-docs-4.12.14-150000.150.89.1
    kernel-macros-4.12.14-150000.150.89.1
    kernel-source-4.12.14-150000.150.89.1

o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    kernel-default-4.12.14-150000.150.89.1
    kernel-default-base-4.12.14-150000.150.89.1
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    kernel-default-devel-4.12.14-150000.150.89.1
    kernel-default-devel-debuginfo-4.12.14-150000.150.89.1
    kernel-obs-build-4.12.14-150000.150.89.1
    kernel-obs-build-debugsource-4.12.14-150000.150.89.1
    kernel-syms-4.12.14-150000.150.89.1
    kernel-vanilla-base-4.12.14-150000.150.89.1
    kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debugsource-4.12.14-150000.150.89.1
    reiserfs-kmp-default-4.12.14-150000.150.89.1
    reiserfs-kmp-default-debuginfo-4.12.14-150000.150.89.1

o SUSE Linux Enterprise Server 15-LTSS (noarch):
    kernel-devel-4.12.14-150000.150.89.1
    kernel-docs-4.12.14-150000.150.89.1
    kernel-macros-4.12.14-150000.150.89.1
    kernel-source-4.12.14-150000.150.89.1

o SUSE Linux Enterprise Server 15-LTSS (s390x):
    kernel-default-man-4.12.14-150000.150.89.1
    kernel-zfcpdump-debuginfo-4.12.14-150000.150.89.1
    kernel-zfcpdump-debugsource-4.12.14-150000.150.89.1

o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    kernel-default-livepatch-4.12.14-150000.150.89.1
    kernel-livepatch-4_12_14-150000_150_89-default-1-150000.1.3.1
    kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-1-150000.1.3.1

o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    kernel-default-4.12.14-150000.150.89.1
    kernel-default-base-4.12.14-150000.150.89.1
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    kernel-default-devel-4.12.14-150000.150.89.1
    kernel-default-devel-debuginfo-4.12.14-150000.150.89.1
    kernel-obs-build-4.12.14-150000.150.89.1
    kernel-obs-build-debugsource-4.12.14-150000.150.89.1
    kernel-syms-4.12.14-150000.150.89.1
    kernel-vanilla-base-4.12.14-150000.150.89.1
    kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debugsource-4.12.14-150000.150.89.1

o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    kernel-devel-4.12.14-150000.150.89.1
    kernel-docs-4.12.14-150000.150.89.1
    kernel-macros-4.12.14-150000.150.89.1
    kernel-source-4.12.14-150000.150.89.1

o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    kernel-default-4.12.14-150000.150.89.1
    kernel-default-base-4.12.14-150000.150.89.1
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    kernel-default-devel-4.12.14-150000.150.89.1
    kernel-default-devel-debuginfo-4.12.14-150000.150.89.1
    kernel-obs-build-4.12.14-150000.150.89.1
    kernel-obs-build-debugsource-4.12.14-150000.150.89.1
    kernel-syms-4.12.14-150000.150.89.1
    kernel-vanilla-base-4.12.14-150000.150.89.1
    kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debuginfo-4.12.14-150000.150.89.1
    kernel-vanilla-debugsource-4.12.14-150000.150.89.1

o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    kernel-devel-4.12.14-150000.150.89.1
    kernel-docs-4.12.14-150000.150.89.1
    kernel-macros-4.12.14-150000.150.89.1
    kernel-source-4.12.14-150000.150.89.1

o SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
    cluster-md-kmp-default-4.12.14-150000.150.89.1
    cluster-md-kmp-default-debuginfo-4.12.14-150000.150.89.1
    dlm-kmp-default-4.12.14-150000.150.89.1
    dlm-kmp-default-debuginfo-4.12.14-150000.150.89.1
    gfs2-kmp-default-4.12.14-150000.150.89.1
    gfs2-kmp-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debuginfo-4.12.14-150000.150.89.1
    kernel-default-debugsource-4.12.14-150000.150.89.1
    ocfs2-kmp-default-4.12.14-150000.150.89.1
    ocfs2-kmp-default-debuginfo-4.12.14-150000.150.89.1

References:

o https://www.suse.com/security/cve/CVE-2021-39713.html
o https://www.suse.com/security/cve/CVE-2021-45868.html
o https://www.suse.com/security/cve/CVE-2022-0812.html
o https://www.suse.com/security/cve/CVE-2022-0850.html
o https://www.suse.com/security/cve/CVE-2022-0886.html
o https://www.suse.com/security/cve/CVE-2022-1016.html
o https://www.suse.com/security/cve/CVE-2022-1048.html
o https://www.suse.com/security/cve/CVE-2022-23036.html
o https://www.suse.com/security/cve/CVE-2022-23037.html
o https://www.suse.com/security/cve/CVE-2022-23038.html
o https://www.suse.com/security/cve/CVE-2022-23039.html
o https://www.suse.com/security/cve/CVE-2022-23040.html
o https://www.suse.com/security/cve/CVE-2022-23041.html
o https://www.suse.com/security/cve/CVE-2022-23042.html
o https://www.suse.com/security/cve/CVE-2022-26490.html
o https://www.suse.com/security/cve/CVE-2022-26966.html
o https://www.suse.com/security/cve/CVE-2022-28356.html
o https://www.suse.com/security/cve/CVE-2022-28388.html
o https://www.suse.com/security/cve/CVE-2022-28389.html
o https://www.suse.com/security/cve/CVE-2022-28390.html
o https://bugzilla.suse.com/1189562
o https://bugzilla.suse.com/1194943
o https://bugzilla.suse.com/1195051
o https://bugzilla.suse.com/1195353
o https://bugzilla.suse.com/1196018
o https://bugzilla.suse.com/1196114
o https://bugzilla.suse.com/1196468
o https://bugzilla.suse.com/1196488
o https://bugzilla.suse.com/1196514
o https://bugzilla.suse.com/1196639
o https://bugzilla.suse.com/1196761
o https://bugzilla.suse.com/1196830
o https://bugzilla.suse.com/1196836
o https://bugzilla.suse.com/1196942
o https://bugzilla.suse.com/1196973
o https://bugzilla.suse.com/1197131
o https://bugzilla.suse.com/1197227
o https://bugzilla.suse.com/1197331
o https://bugzilla.suse.com/1197366
o https://bugzilla.suse.com/1197391
o https://bugzilla.suse.com/1198031
o https://bugzilla.suse.com/1198032
o https://bugzilla.suse.com/1198033

--------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1688 - [SUSE] Linux Kernel: CVSS (Max): 7.7

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.1688
Security update for the Linux Kernel (Live Patch 27 for SLE 15)
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-27666
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221261-1

Comment: CVSS (Max):  7.7 CVE-2022-27666 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15)
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1261-1
Rating:            important
References:        #1197133
Cross-References:  CVE-2022-27666
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-150_83 fixes one issue.

The following security issue was fixed:

o CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1261=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
    kernel-livepatch-4_12_14-150_83-default-3-150000.2.1
    kernel-livepatch-4_12_14-150_83-default-debuginfo-3-150000.2.1

References:

o https://www.suse.com/security/cve/CVE-2022-27666.html
o https://bugzilla.suse.com/1197133

--------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1687 - [SUSE] tomcat: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1687
                          Security update for tomcat
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tomcat
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221217-1

Comment: CVSS (Max):  None available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1217-1
Rating:            important
References:        #1198136
Affected Products:
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for tomcat fixes the following issues:

Security hardening, related to Spring Framework vulnerabilities:

  o Deprecate getResources() and always return null (bsc#1198136).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1217=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1217=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1217=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1217=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1217=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (noarch):
      tomcat-9.0.36-3.87.1
      tomcat-admin-webapps-9.0.36-3.87.1
      tomcat-docs-webapp-9.0.36-3.87.1
      tomcat-el-3_0-api-9.0.36-3.87.1
      tomcat-javadoc-9.0.36-3.87.1
      tomcat-jsp-2_3-api-9.0.36-3.87.1
      tomcat-lib-9.0.36-3.87.1
      tomcat-servlet-4_0-api-9.0.36-3.87.1
      tomcat-webapps-9.0.36-3.87.1
  o SUSE OpenStack Cloud 9 (noarch):
      tomcat-9.0.36-3.87.1
      tomcat-admin-webapps-9.0.36-3.87.1
      tomcat-docs-webapp-9.0.36-3.87.1
      tomcat-el-3_0-api-9.0.36-3.87.1
      tomcat-javadoc-9.0.36-3.87.1
      tomcat-jsp-2_3-api-9.0.36-3.87.1
      tomcat-lib-9.0.36-3.87.1
      tomcat-servlet-4_0-api-9.0.36-3.87.1
      tomcat-webapps-9.0.36-3.87.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      tomcat-9.0.36-3.87.1
      tomcat-admin-webapps-9.0.36-3.87.1
      tomcat-docs-webapp-9.0.36-3.87.1
      tomcat-el-3_0-api-9.0.36-3.87.1
      tomcat-javadoc-9.0.36-3.87.1
      tomcat-jsp-2_3-api-9.0.36-3.87.1
      tomcat-lib-9.0.36-3.87.1
      tomcat-servlet-4_0-api-9.0.36-3.87.1
      tomcat-webapps-9.0.36-3.87.1
  o SUSE Linux Enterprise Server 12-SP5 (noarch):
      tomcat-9.0.36-3.87.1
      tomcat-admin-webapps-9.0.36-3.87.1
      tomcat-docs-webapp-9.0.36-3.87.1
      tomcat-el-3_0-api-9.0.36-3.87.1
      tomcat-javadoc-9.0.36-3.87.1
      tomcat-jsp-2_3-api-9.0.36-3.87.1
      tomcat-lib-9.0.36-3.87.1
      tomcat-servlet-4_0-api-9.0.36-3.87.1
      tomcat-webapps-9.0.36-3.87.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      tomcat-9.0.36-3.87.1
      tomcat-admin-webapps-9.0.36-3.87.1
      tomcat-docs-webapp-9.0.36-3.87.1
      tomcat-el-3_0-api-9.0.36-3.87.1
      tomcat-javadoc-9.0.36-3.87.1
      tomcat-jsp-2_3-api-9.0.36-3.87.1
      tomcat-lib-9.0.36-3.87.1
      tomcat-servlet-4_0-api-9.0.36-3.87.1
      tomcat-webapps-9.0.36-3.87.1

References:

  o https://bugzilla.suse.com/1198136

- --------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1686 - [SUSE] yaml-cpp: CVSS (Max): 5.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1686
                         Security update for yaml-cpp
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           yaml-cpp
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-6292 CVE-2019-6285 CVE-2018-20574 CVE-2018-20573

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221073-2

Comment: CVSS (Max):  5.3 CVE-2019-6292 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for yaml-cpp
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1073-2
Rating:            moderate
References:        #1121227 #1121230 #1122004 #1122021
Cross-References:  CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292
Affected Products:
                   SUSE Linux Enterprise Micro 5.2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for yaml-cpp fixes the following issues:

  o CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function
    Scanner::EnsureTokensInQueue (bsc#1121227).
  o CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function
    SingleDocParser::HandleFlowMap (bsc#1121230).
  o CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function
    SingleDocParser::HandleFlowSequence (bsc#1122004).
  o CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp
    (bsc#1122021).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1073=1

Package List:

  o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      libyaml-cpp0_6-0.6.1-4.5.1
      libyaml-cpp0_6-debuginfo-0.6.1-4.5.1
      yaml-cpp-debugsource-0.6.1-4.5.1

References:

  o https://www.suse.com/security/cve/CVE-2018-20573.html
  o https://www.suse.com/security/cve/CVE-2018-20574.html
  o https://www.suse.com/security/cve/CVE-2019-6285.html
  o https://www.suse.com/security/cve/CVE-2019-6292.html
  o https://bugzilla.suse.com/1121227
  o https://bugzilla.suse.com/1121230
  o https://bugzilla.suse.com/1122004
  o https://bugzilla.suse.com/1122021

- --------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1685 - [SUSE] zabbix: CVSS (Max): 4.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1685
                          Security update for zabbix
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           zabbix
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-24919 CVE-2022-24918 CVE-2022-24917 CVE-2022-24349

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221254-1

Comment: CVSS (Max):  4.6 CVE-2022-24349 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for zabbix
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1254-1
Rating:            moderate
References:        #1196944 #1196945 #1196946 #1196947
Cross-References:  CVE-2022-24349 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for zabbix fixes the following issues:

  o CVE-2022-24349: Fixed a reflected XSS in the action configuration window
    (bsc#1196944).
  o CVE-2022-24917: Fixed a reflected XSS in the service configuration window
    (bsc#1196945).
  o CVE-2022-24918: Fixed a reflected XSS in the item configuration window
    (bsc#1196946).
  o CVE-2022-24919: Fixed a reflected XSS in the graph configuration window
    (bsc#1196947).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1254=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      zabbix-agent-4.0.12-4.15.2
      zabbix-agent-debuginfo-4.0.12-4.15.2
      zabbix-debugsource-4.0.12-4.15.2

References:

  o https://www.suse.com/security/cve/CVE-2022-24349.html
  o https://www.suse.com/security/cve/CVE-2022-24917.html
  o https://www.suse.com/security/cve/CVE-2022-24918.html
  o https://www.suse.com/security/cve/CVE-2022-24919.html
  o https://bugzilla.suse.com/1196944
  o https://bugzilla.suse.com/1196945
  o https://bugzilla.suse.com/1196946
  o https://bugzilla.suse.com/1196947

- --------------------------END INCLUDED TEXT--------------------
20 April 2022

ESB-2022.1684 - [Ubuntu] klibc: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1684
                      USN-5379-1: klibc vulnerabilities
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           klibc
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31873 CVE-2021-31872 CVE-2021-31871 CVE-2021-31870

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5379-1

Comment: CVSS (Max):  9.8 CVE-2021-31873 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5379-1: klibc vulnerabilities
18 April 2022

Several security issues were fixed in klibc.

Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 ESM
  o Ubuntu 14.04 ESM

Packages

  o klibc - small utilities built with klibc for early boot

Details

It was discovered that klibc did not properly perform some mathematical
operations, leading to an integer overflow. An attacker could possibly use this
issue to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-31870)

It was discovered that klibc did not properly handle some memory allocations on
64 bit systems. An attacker could possibly use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-31871)

It was discovered that klibc did not properly handle some file size values on
32 bit systems. An attacker could possibly use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-31872)

It was discovered that klibc did not properly handle some memory allocations.
An attacker could possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2021-31873)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o klibc-utils - 2.0.7-1ubuntu5.1
  o libklibc - 2.0.7-1ubuntu5.1

Ubuntu 18.04

  o klibc-utils - 2.0.4-9ubuntu2.1
  o libklibc - 2.0.4-9ubuntu2.1

Ubuntu 16.04

  o klibc-utils - 2.0.4-8ubuntu1.16.04.4+esm1
    Available with UA Infra or UA Desktop
  o libklibc - 2.0.4-8ubuntu1.16.04.4+esm1
    Available with UA Infra or UA Desktop

Ubuntu 14.04

  o klibc-utils - 2.0.3-0ubuntu1.14.04.3+esm2
    Available with UA Infra or UA Desktop
  o libklibc - 2.0.3-0ubuntu1.14.04.3+esm2
    Available with UA Infra or UA Desktop

After a standard system update you need to reboot your computer to make all the
necessary changes.

References

  o CVE-2021-31870
  o CVE-2021-31872
  o CVE-2021-31873
  o CVE-2021-31871

- --------------------------END INCLUDED TEXT--------------------
20 April 2022

ASB-2022.0094 - [Win][UNIX/Linux] Oracle HealthCare Applications: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0094
           Oracle HealthCare Applications Critical Patch Update
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Oracle Health Sciences Information Manager
                   Oracle Healthcare Data Repository
                   Oracle Healthcare Foundation
                   Oracle Healthcare Master Person Index
                   Oracle Healthcare Translational Research
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-23305 CVE-2021-44832 CVE-2021-36090 CVE-2021-33037
                   CVE-2021-29425

Comment: CVSS (Max):  9.8 CVE-2022-23305 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OVERVIEW

        Multiple vulnerabilities have been identified in:

          o Oracle Health Sciences Information Manager, versions 3.0.1-3.0.4
          o Oracle Healthcare Data Repository, versions 8.1.0, 8.1.1
          o Oracle Healthcare Foundation, versions 7.3.0.1-7.3.0.4
          o Oracle Healthcare Master Person Index, version 5.0.1
          o Oracle Healthcare Translational Research, versions 4.1.0, 4.1.1 [1]

IMPACT

        The vendor has provided the following information regarding the
        vulnerabilities:

        "This Critical Patch Update contains 10 new security patches for
        Oracle HealthCare Applications. 5 of these vulnerabilities may be
        remotely exploitable without authentication, i.e., may be exploited
        over a network without requiring user credentials." [1]

        CVE-2022-23305  9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        The supported version that is affected is 8.1.0. Easily exploitable
        vulnerability allows unauthenticated attacker with network access via
        HTTP to compromise Oracle Healthcare Data Repository. Successful
        attacks of this vulnerability can result in takeover of Oracle
        Healthcare Data Repository.
        Affects:
          o Oracle Healthcare Data Repository 8.1.0

        CVE-2021-36090  7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        The supported version that is affected is 8.1.0. Easily exploitable
        vulnerability allows unauthenticated attacker with network access via
        HTTP to compromise Oracle Healthcare Data Repository. Successful
        attacks of this vulnerability can result in unauthorized ability to
        cause a hang or frequently repeatable crash (complete DOS) of Oracle
        Healthcare Data Repository.
        Affects:
          o Oracle Healthcare Data Repository 8.1.0

        CVE-2021-44832  6.6  AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
        Supported versions that are affected are 3.0.1-3.0.4. Difficult to
        exploit vulnerability allows high privileged attacker with network
        access via HTTP to compromise Oracle Health Sciences Information
        Manager. Successful attacks of this vulnerability can result in
        takeover of Oracle Health Sciences Information Manager.
        Affects:
          o Oracle Health Sciences Information Manager 3.0.1-3.0.4
          o Oracle Healthcare Data Repository 8.1.1
          o Oracle Healthcare Foundation 7.3.0.1-7.3.0.4
          o Oracle Healthcare Master Person Index 5.0.1
          o Oracle Healthcare Translational Research 4.1.1

        CVE-2021-33037  5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
        The supported version that is affected is 4.1.0. Easily exploitable
        vulnerability allows unauthenticated attacker with network access via
        HTTP to compromise Oracle Healthcare Translational Research.
        Successful attacks of this vulnerability can result in unauthorized
        update, insert or delete access to some of Oracle Healthcare
        Translational Research accessible data.
        Affects:
          o Oracle Healthcare Translational Research 4.1.0

        CVE-2021-29425  4.8  AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
        Supported versions that are affected are 3.0.1-3.0.4. Difficult to
        exploit vulnerability allows unauthenticated attacker with network
        access via HTTP to compromise Oracle Health Sciences Information
        Manager. Successful attacks of this vulnerability can result in
        unauthorized update, insert or delete access to some of Oracle Health
        Sciences Information Manager accessible data as well as unauthorized
        read access to a subset of Oracle Health Sciences Information Manager
        accessible data.
        Affects:
          o Oracle Health Sciences Information Manager 3.0.1-3.0.4
          o Oracle Healthcare Data Repository 8.1.0

MITIGATION

        Oracle states:

        "Due to the threat posed by a successful attack, Oracle strongly
        recommends that customers apply CPU fixes as soon as possible. Until
        you apply the CPU fixes, it may be possible to reduce the risk of
        successful attack by blocking network protocols required by an
        attack. For attacks that require certain privileges or access to
        certain packages, removing the privileges or the ability to access
        the packages from users that do not need the privileges may help
        reduce the risk of successful attack. Both approaches may break
        application functionality, so Oracle strongly recommends that
        customers test changes on non-production systems. Neither approach
        should be considered a long-term solution as neither corrects the
        underlying problem." [1]

REFERENCES

        [1] Oracle Critical Patch Update Advisory - April 2022
            https://www.oracle.com/security-alerts/cpuapr2022.html

        [2] Text Form of Oracle Critical Patch Update - April 2022 Risk Matrices
            https://www.oracle.com/security-alerts/cpuapr2022verbose.html

AusCERT has made every effort to ensure that the information contained in this
document is accurate. However, the decision to use the information described
is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures.

AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.
20 April 2022

ASB-2022.0093 - [Win][UNIX/Linux] Oracle Database Server: CVSS (Max): 7.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2022.0093
               Oracle Database Server Critical Patch Update
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Oracle Application Express
                   Oracle Database Server
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21498 CVE-2022-21411 CVE-2022-21410
                   CVE-2021-41165 CVE-2021-22569

Comment: CVSS (Max):  7.2 CVE-2022-21410 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

OVERVIEW

        Multiple vulnerabilities have been identified in:

         o Oracle Application Express, versions prior to 22.1
         o Oracle Database Server, versions 12.1.0.2, 19c, 21c [1]

IMPACT

        The vendor has provided the following information regarding the
        vulnerabilities:

        "This Critical Patch Update contains 5 new security patches plus
        additional third party patches noted below for Oracle Database
        Products. None of these vulnerabilities may be remotely exploitable
        without authentication, i.e., none may be exploited over a network
        without requiring user credentials. None of these patches are
        applicable to client-only installations, i.e., installations that
        do not have the Oracle Database Server installed." [1]

        CVE-2022-21410  7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

        The supported version that is affected is 19c. Easily exploitable
        vulnerability allows high privileged attacker having Create Any
        Procedure privilege with network access via Oracle Net to
        compromise the affected system. Successful attacks of this
        vulnerability can result in takeover of the affected system.

        Affects:
         o Oracle Database - Enterprise Edition Sharding 19c

        CVE-2022-21498  6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

        Supported versions that are affected are 12.1.0.2, 19c and 21c.
        Easily exploitable vulnerability allows low privileged attacker
        having Create Procedure privilege with network access via multiple
        protocols to compromise the affected system. Successful attacks of
        this vulnerability can result in unauthorized creation, deletion or
        modification access to critical data or all the affected system's
        accessible data.

        Affects:
         o Java VM 12.1.0.2, 19c, 21c

        CVE-2021-41165  5.4  AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

        The supported version that is affected is Prior to 22.1. Easily
        exploitable vulnerability allows low privileged attacker having
        Valid User Account privilege with network access via HTTP to
        compromise the affected system. Successful attacks require human
        interaction from a person other than the attacker and while the
        vulnerability is in the affected system, attacks may significantly
        impact additional products (scope change). Successful attacks of
        this vulnerability can result in unauthorized update, insert or
        delete access to some of the affected system's accessible data as
        well as unauthorized read access to a subset of the affected
        system's accessible data.

        Affects:
         o Oracle Application Express (CKEditor) Prior to 22.1

        CVE-2022-21411  5.4  AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

        Supported versions that are affected are 12.1.0.2, 19c and 21c.
        Easily exploitable vulnerability allows low privileged attacker
        having Create Session privilege with network access via Oracle Net
        to compromise the affected system. Successful attacks of this
        vulnerability can result in unauthorized update, insert or delete
        access to some of the affected system's accessible data as well as
        unauthorized read access to a subset of the affected system's
        accessible data.

        Affects:
         o RDBMS Gateway / Generic ODBC Connectivity 12.1.0.2, 19c, 21c

        CVE-2021-22569  2.8  AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

        Supported versions that are affected are 19c and 21c. Easily
        exploitable vulnerability allows low privileged attacker having
        Local Logon privilege with logon to the infrastructure where the
        affected system executes to compromise the affected system.
        Successful attacks require human interaction from a person other
        than the attacker. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial denial of service
        (partial DOS) of the affected system.

        Affects:
         o Oracle Spatial and Graph MapViewer (protobuf-java) 19c, 21c

MITIGATION

        Oracle states:

        "Due to the threat posed by a successful attack, Oracle strongly
        recommends that customers apply CPU fixes as soon as possible.
        Until you apply the CPU fixes, it may be possible to reduce the
        risk of successful attack by blocking network protocols required
        by an attack. For attacks that require certain privileges or
        access to certain packages, removing the privileges or the ability
        to access the packages from users that do not need the privileges
        may help reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly recommends
        that customers test changes on non-production systems. Neither
        approach should be considered a long-term solution as neither
        corrects the underlying problem." [1]

REFERENCES

        [1] Oracle Critical Patch Update Advisory - April 2022
            https://www.oracle.com/security-alerts/cpuapr2022.html

        [2] Text Form of Oracle Critical Patch Update - April 2022 Risk
            Matrices
            https://www.oracle.com/security-alerts/cpuapr2022verbose.html

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl9tduNLKJtyKPYoAQg+yA/+MNhuigeabLXrgt7ENtQ9/i8G/Cu+2eTl
DLnZ18qlyTODkKh5RX8nQvC30cfqbe1+y9izFb6V7wNNy6ZORYDUHtkrc06KF7ri
MJ0IUcmJIuoYjjoCc0Hf5dijz6tO+vF9tmPV09cpipCh1kbPJtr5AXm191DFeEHt
xa86NRyW9vETWdlAvZ4VKHkVXJ2BJHpE5trH+kAM3wAlGmxCxQHzzXmSf1R94kG3
vbNEM/QIPhC7Ms/MLmU++vJHJ6SyN8xCgDifMD1qAgxC/UgtDKalyfVJeAP4LIK8
jb+T7tgAysEua3eNsaNxCYBzZ0I114qBUHn/utMaVe26ndh7h68xFC3kGnyvKXWE
dJKjO/HGO/N1JGR4uD4tZwuBohC/p6qZJakYV41j62mxcTsOIpC01S42d36yUN17
uVJ+xahSFnEom4JKh93vOOVnwQWGsUrLpYb/uKlAhB+Go1gvqZkqlmfiU2X5KTe8
HGjwbmOpExF5qxkPohG8Vl+J/1hokJkX3JSElThLsHz00zBkyi4Zmp6Z1OctG4Sd
/beTz/393a5YyMHCOSoSj9SGwXLFXDs6z/v1Z86JOazI5N9+pcPhDUqtpm1kCMLG
qP6pDp8PVfygqaOQuDUd/Hv5wmNjChWbxgNwh2liTlDSsPXPsUos7NqXgv4W4CjD
L0+6TcaRAn4=
=cXtl
-----END PGP SIGNATURE-----
20 April 2022

ASB-2022.0092 - [Win][UNIX/Linux] Oracle SQL Developer: CVSS (Max): 6.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2022.0092
                Oracle SQL Developer Critical Patch Update
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Oracle SQL Developer
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-44832 CVE-2020-13956

Comment: CVSS (Max):  6.6 CVE-2021-44832 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

OVERVIEW

        Multiple vulnerabilities have been identified in:

         o Oracle SQL Developer, versions prior to 21.99 [1]

IMPACT

        The vendor has provided the following information regarding the
        vulnerabilities:

        "This Critical Patch Update contains 2 new security patches for
        Oracle SQL Developer. 1 of these vulnerabilities may be remotely
        exploitable without authentication, i.e., may be exploited over a
        network without requiring user credentials." [1]

        CVE-2021-44832  6.6  AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

        The supported version that is affected is Prior to 21.4.2.
        Difficult to exploit vulnerability allows high privileged attacker
        with network access via HTTP to compromise Oracle SQL Developer.
        Successful attacks of this vulnerability can result in takeover of
        Oracle SQL Developer.

        Affects:
         o Oracle SQL Developer Prior to 21.4.2

        CVE-2020-13956  5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

        The supported version that is affected is Prior to 21.99. Easily
        exploitable vulnerability allows unauthenticated attacker with
        network access via HTTP to compromise Oracle SQL Developer.
        Successful attacks of this vulnerability can result in
        unauthorized update, insert or delete access to some of Oracle SQL
        Developer accessible data.

        Affects:
         o Oracle SQL Developer Prior to 21.99

MITIGATION

        Oracle states:

        "Due to the threat posed by a successful attack, Oracle strongly
        recommends that customers apply CPU fixes as soon as possible.
        Until you apply the CPU fixes, it may be possible to reduce the
        risk of successful attack by blocking network protocols required
        by an attack. For attacks that require certain privileges or
        access to certain packages, removing the privileges or the ability
        to access the packages from users that do not need the privileges
        may help reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly recommends
        that customers test changes on non-production systems. Neither
        approach should be considered a long-term solution as neither
        corrects the underlying problem." [1]

REFERENCES

        [1] Oracle Critical Patch Update Advisory - April 2022
            https://www.oracle.com/security-alerts/cpuapr2022.html

        [2] Text Form of Oracle Critical Patch Update - April 2022 Risk
            Matrices
            https://www.oracle.com/security-alerts/cpuapr2022verbose.html

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl9qheNLKJtyKPYoAQjLMRAAkxbZr64G0YagiqFadXt7n/EAqULTi7nO
TX6Lb6+jHdTxT95JpIWDI1CsGdACEMiGVgrCC9zUP9YpataqqKQYH2aoK/sTHOgz
dcHWiY4VoP0pIcqHZWTcT02ulAxTkCfYNG0daRy8NcyK//SWhLhMMkwEs54J+lZz
9y1jqvEgoyrzI+wFJo+zlpx9sqS14rBxpdA7CQ2aBJBtf+vUMorrsvSBB0ngeI2N
dL2JvYSNPdFUjDPQmISQucsfGWefIwDyQKxQV2BiJek7F3j/mWZdz8UEfeHoxKe2
WlHxE91/jB/P55tF3cH93l7M8cPfl4UzEUFzS106ovQrrRe6s2pr42rDia20ib+b
d9aA+R1BhQ1V0LGPclsu/k/sXhiwWRTUcLOFBoLq6n6g/dYq5Qb46HNFWtzcDndK
zh14Zqw0vs0TNPbt2zbloadCmVp3H5FPA6/ujp3yGWJ/KVDSPjZm6n8/MwQA0UGx
/5oKj8IirExwc2FPzdIZ6fAMEQd6zXWGfWtaEAiBNBRuLQnJg8kwgAv7TfbVx6ZD
A379pO4TYXeHnLrmRI9pxsRYMQWxQPQoX/m422nFCsCO71O5wGcIGPr5n5VfXbvw
7GkfQAwN+5nrGecd354vW6fB9bYt9Q2IQQNIZqkR/2P2Yx93LCoG6VCnLyQ8wbar
NuLl4YnREr0=
=FhHH
-----END PGP SIGNATURE-----
20 April 2022

ASB-2022.0091 - [Win][UNIX/Linux][Virtual] Oracle Virtualization: CVSS (Max): 9.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2022.0091
                Oracle Virtualization Critical Patch Update
                               20 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Oracle Secure Global Desktop
                   Oracle VM VirtualBox
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
                   Virtualisation
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21491 CVE-2022-21488 CVE-2022-21487
                   CVE-2022-21471 CVE-2022-21465 CVE-2021-40438

Comment: CVSS (Max):  9.0 CVE-2021-40438 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

OVERVIEW

        Multiple vulnerabilities have been identified in:

         o Oracle Secure Global Desktop, version 5.6
         o Oracle VM VirtualBox, versions prior to 6.1.34 [1]

IMPACT

        The vendor has provided the following information regarding the
        vulnerabilities:

        "This Critical Patch Update contains 6 new security patches for
        Oracle Virtualization. 1 of these vulnerabilities may be remotely
        exploitable without authentication, i.e., may be exploited over a
        network without requiring user credentials." [1]

        CVE-2021-40438  9.0  AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

        The supported version that is affected is 5.6. Difficult to
        exploit vulnerability allows unauthenticated attacker with network
        access via HTTP to compromise Oracle Secure Global Desktop. While
        the vulnerability is in Oracle Secure Global Desktop, attacks may
        significantly impact additional products (scope change).
        Successful attacks of this vulnerability can result in takeover of
        Oracle Secure Global Desktop.

        Affects:
         o Oracle Secure Global Desktop 5.6

        CVE-2022-21491  7.8  AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

        The supported version that is affected is Prior to 6.1.34. Easily
        exploitable vulnerability allows low privileged attacker with
        logon to the infrastructure where Oracle VM VirtualBox executes to
        compromise Oracle VM VirtualBox. Successful attacks of this
        vulnerability can result in takeover of Oracle VM VirtualBox.
        Note: This vulnerability applies to Windows systems only.

        Affects:
         o Oracle VM VirtualBox Prior to 6.1.34

        CVE-2022-21465  6.7  AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

        The supported version that is affected is Prior to 6.1.34. Easily
        exploitable vulnerability allows high privileged attacker with
        logon to the infrastructure where Oracle VM VirtualBox executes to
        compromise Oracle VM VirtualBox. While the vulnerability is in
        Oracle VM VirtualBox, attacks may significantly impact additional
        products (scope change). Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of Oracle VM VirtualBox as well as
        unauthorized update, insert or delete access to some of Oracle VM
        VirtualBox accessible data.

        Affects:
         o Oracle VM VirtualBox Prior to 6.1.34

        CVE-2022-21471  6.5  AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

        The supported version that is affected is Prior to 6.1.34. Easily
        exploitable vulnerability allows low privileged attacker with
        logon to the infrastructure where Oracle VM VirtualBox executes to
        compromise Oracle VM VirtualBox. While the vulnerability is in
        Oracle VM VirtualBox, attacks may significantly impact additional
        products (scope change). Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of Oracle VM VirtualBox.

        Affects:
         o Oracle VM VirtualBox Prior to 6.1.34

        CVE-2022-21487  3.8  AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

        The supported version that is affected is Prior to 6.1.34. Easily
        exploitable vulnerability allows low privileged attacker with
        logon to the infrastructure where Oracle VM VirtualBox executes to
        compromise Oracle VM VirtualBox. While the vulnerability is in
        Oracle VM VirtualBox, attacks may significantly impact additional
        products (scope change). Successful attacks of this vulnerability
        can result in unauthorized read access to a subset of Oracle VM
        VirtualBox accessible data.

        Affects:
         o Oracle VM VirtualBox Prior to 6.1.34

        CVE-2022-21488  3.8  AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

        The supported version that is affected is Prior to 6.1.34. Easily
        exploitable vulnerability allows low privileged attacker with
        logon to the infrastructure where Oracle VM VirtualBox executes to
        compromise Oracle VM VirtualBox. While the vulnerability is in
        Oracle VM VirtualBox, attacks may significantly impact additional
        products (scope change). Successful attacks of this vulnerability
        can result in unauthorized update, insert or delete access to some
        of Oracle VM VirtualBox accessible data.

        Affects:
         o Oracle VM VirtualBox Prior to 6.1.34

MITIGATION

        Oracle states:

        "Due to the threat posed by a successful attack, Oracle strongly
        recommends that customers apply CPU fixes as soon as possible.
        Until you apply the CPU fixes, it may be possible to reduce the
        risk of successful attack by blocking network protocols required
        by an attack. For attacks that require certain privileges or
        access to certain packages, removing the privileges or the ability
        to access the packages from users that do not need the privileges
        may help reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly recommends
        that customers test changes on non-production systems. Neither
        approach should be considered a long-term solution as neither
        corrects the underlying problem." [1]

REFERENCES

        [1] Oracle Critical Patch Update Advisory - April 2022
            https://www.oracle.com/security-alerts/cpuapr2022.html

        [2] Text Form of Oracle Critical Patch Update - April 2022 Risk
            Matrices
            https://www.oracle.com/security-alerts/cpuapr2022verbose.html

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYl9omONLKJtyKPYoAQgpsg//Tw/QHWFlHq0bbs+omJ+cDOJM4NbP2wdl
0gROzHSjR+biWfWuXioLtyuIpa64eTQeQYr3zt7r+dEnrN0HLavPuJsIYv/lCQ8e
P7LVSa7++S4FJHzUCi2oxYueDbfe7dsvV0nHS/YQHDxqg4SwcvbYqU6vCdqrvHx2
kuOJ9MyPRVlezQhke1WlOMu2YpC4d8B7xJmyewm1jufgw+9LEf5sKvNzpuk8GQ9b
3rHcKMY1A20dccIVnxT6/pMFhExQd2MmbR6uK6S4UdUqGz68kLnuC4s3F13cgRR/
xsSriEu3OuYx6AAcvKE0EQWJ4MeXY1Tf13Qg9e2Uqfb6IDwOCAyVY7B0ek0mLicl
pJU3yYDtYwKu9KXEaNCKRvE7GzAkgnRwv78AX8Kxxe+F0rJmTrDzhEKtLEhtveFG
bks10LCFecLyMBcZHTQ96qPv87kSQXtW5GP4UznhXxXV9FWQj2f5oWBfZj5JnKT+
bBBl6zFJQDXotIfGopyQZesDWAM47xVT/mFAZPDySQeYwnHcs8O2LDlMqYCeCa7U
t5jEeJWbytomndNnu/+zqE7pfON35o64fCaUVvWey6qvTJeciztPp/CzB5oOSdoc
85Np0ZIcN4wakMOFLKuvSvrDaUtD85GpcNd4vAVv5GR6wSrXdIzZwTcT8fUpWjBG
MMh3wKW8bSY=
=D1wv
-----END PGP SIGNATURE-----