AusCERT - Security Bulletins

Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.

18 May 2022

ESB-2022.2435 - [Debian] openssl: CVSS (Max): 9.8

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2435
                          openssl security update
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openssl
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1292

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00107.html

Comment: CVSS (Max):  9.8 CVE-2022-1292 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5139-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 17, 2022                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2022-1292

Elison Niven discovered that the c_rehash script included in OpenSSL did not
sanitise shell meta characters which could result in the execution of
arbitrary commands.

For the oldstable distribution (buster), this problem has been fixed
in version 1.1.1n-0+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 1.1.1n-0+deb11u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
18 May 2022

ESB-2022.2434 - [Debian] waitress: CVSS (Max): 7.5

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2434
                          waitress security update
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           waitress
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-24761

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00106.html

Comment: CVSS (Max):  7.5 CVE-2022-24761 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5138-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 17, 2022                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : waitress
CVE ID         : CVE-2022-24761
Debian Bug     : 1008013

It was discovered that the Waitress WSGI server was susceptible to HTTP
request smuggling in some scenarios when used behind a proxy.

For the oldstable distribution (buster), this problem has been fixed
in version 1.2.0~b2-2+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 1.4.4-1.1+deb11u1.

We recommend that you upgrade your waitress packages.

For the detailed security status of waitress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/waitress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2433 - [Ubuntu] needrestart: CVSS (Max): None

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2433
                   USN-5426-1: needrestart vulnerability
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           needrestart
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-30688

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5426-1

Comment: CVSS (Max):  None available when published

--------------------------BEGIN INCLUDED TEXT--------------------

USN-5426-1: needrestart vulnerability
17 May 2022

needrestart could be made to run programs.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 21.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o needrestart - check which daemons need to be restarted after library upgrades

Details

Jakub Wilk discovered that needrestart incorrectly used some regular
expressions. A local attacker could possibly use this issue to execute
arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 22.04

  o needrestart - 3.5-5ubuntu2.1

Ubuntu 21.10

  o needrestart - 3.5-4ubuntu2.1

Ubuntu 20.04

  o needrestart - 3.4-6ubuntu0.1

Ubuntu 18.04

  o needrestart - 3.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-30688

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2432 - [Ubuntu] Apport: CVSS (Max): None

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2432
                     USN-5427-1: Apport vulnerabilities
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apport
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28658 CVE-2022-28657 CVE-2022-28656
                   CVE-2022-28655 CVE-2022-28654 CVE-2022-28652
                   CVE-2022-1242 CVE-2021-3899

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5427-1

Comment: CVSS (Max):  None available when published

--------------------------BEGIN INCLUDED TEXT--------------------

USN-5427-1: Apport vulnerabilities
17 May 2022

Several security issues were fixed in Apport.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 21.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o apport - automatically generate crash reports for debugging

Details

Muqing Liu and neoni discovered that Apport incorrectly handled detecting if
an executable was replaced after a crash. A local attacker could possibly use
this issue to execute arbitrary code as the root user. (CVE-2021-3899)

Gerrit Venema discovered that Apport incorrectly handled connections to Apport
sockets inside containers. A local attacker could possibly use this issue to
connect to arbitrary sockets as the root user. (CVE-2022-1242)

Gerrit Venema discovered that Apport incorrectly handled user settings files.
A local attacker could possibly use this issue to cause Apport to consume
resources, leading to a denial of service. (CVE-2022-28652)

Gerrit Venema discovered that Apport did not limit the amount of logging from
D-Bus connections. A local attacker could possibly use this issue to fill up
the Apport log file, leading to denial of service. (CVE-2022-28654)

Gerrit Venema discovered that Apport did not filter D-Bus connection strings.
A local attacker could possibly use this issue to cause Apport to make
arbitrary network connections. (CVE-2022-28655)

Gerrit Venema discovered that Apport did not limit the amount of memory being
consumed during D-Bus connections. A local attacker could possibly use this
issue to cause Apport to consume memory, leading to a denial of service.
(CVE-2022-28656)

Gerrit Venema discovered that Apport did not disable the python crash handler
before chrooting into a container. A local attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-28657)

Gerrit Venema discovered that Apport incorrectly handled filename argument
whitespace. A local attacker could possibly use this issue to spoof arguments
to the Apport daemon. (CVE-2022-28658)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 22.04

  o python3-apport - 2.20.11-0ubuntu82.1
  o apport - 2.20.11-0ubuntu82.1

Ubuntu 21.10

  o python3-apport - 2.20.11-0ubuntu71.2
  o apport - 2.20.11-0ubuntu71.2

Ubuntu 20.04

  o python3-apport - 2.20.11-0ubuntu27.24
  o apport - 2.20.11-0ubuntu27.24

Ubuntu 18.04

  o python3-apport - 2.20.9-0ubuntu7.28
  o apport - 2.20.9-0ubuntu7.28

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-28652
  o CVE-2022-28658
  o CVE-2022-28655
  o CVE-2022-28654
  o CVE-2021-3899
  o CVE-2022-28657
  o CVE-2022-28656
  o CVE-2022-1242

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2431 - [Ubuntu] ClamAV: CVSS (Max): 7.8

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2431
                     USN-5423-2: ClamAV vulnerabilities
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ClamAV
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-20796 CVE-2022-20792 CVE-2022-20785
                   CVE-2022-20771 CVE-2022-20770

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5423-2

Comment: CVSS (Max):  7.8 CVE-2022-20792 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [SUSE]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

USN-5423-2: ClamAV vulnerabilities
17 May 2022

Several security issues were fixed in ClamAV.

Releases

  o Ubuntu 16.04 ESM
  o Ubuntu 14.04 ESM

Packages

  o clamav - Anti-virus utility for Unix

Details

USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the
corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Michal Dardas discovered that ClamAV incorrectly handled parsing CHM files. A
remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michal Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A
remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20771)

Michal Dardas discovered that ClamAV incorrectly handled parsing HTML files. A
remote attacker could possibly use this issue to cause ClamAV to consume
resources, resulting in a denial of service. (CVE-2022-20785)

Michal Dardas discovered that ClamAV incorrectly handled loading the signature
database. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-20796)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o clamav - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
    Available with UA Infra or UA Desktop

Ubuntu 14.04

  o clamav - 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
    Available with UA Infra or UA Desktop

This update uses a new upstream release, which includes additional bug fixes.

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-20771
  o CVE-2022-20796
  o CVE-2022-20785
  o CVE-2022-20792
  o CVE-2022-20770

Related notices

  o USN-5423-1 : clamav-testfiles, clamav, libclamav-dev, clamav-daemon,
    clamav-freshclam, clamav-docs, clamav-milter, clamav-base, libclamav9,
    clamdscan

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2430 - [Ubuntu] PCRE: CVSS (Max): 7.5

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2430
                      USN-5425-1: PCRE vulnerabilities
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PCRE
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14155 CVE-2019-20838 CVE-2019-20454

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5425-1

Comment: CVSS (Max):  7.5 CVE-2019-20838 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

USN-5425-1: PCRE vulnerabilities
17 May 2022

Several security issues were fixed in PCRE.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 21.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 ESM
  o Ubuntu 14.04 ESM

Packages

  o pcre3 - Perl 5 Compatible Regular Expression Library

Details

Yunho Kim discovered that PCRE incorrectly handled memory when handling certain
regular expressions. An attacker could possibly use this issue to cause
applications using PCRE to expose sensitive information. This issue only
affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS.
(CVE-2019-20838)

It was discovered that PCRE incorrectly handled memory when handling certain
regular expressions. An attacker could possibly use this issue to cause
applications using PCRE to have unexpected behavior. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-14155)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 22.04

  o libpcre3 - 2:8.39-13ubuntu0.22.04.1

Ubuntu 21.10

  o libpcre3 - 2:8.39-13ubuntu0.21.10.1

Ubuntu 20.04

  o libpcre3 - 2:8.39-12ubuntu0.1

Ubuntu 18.04

  o libpcre3 - 2:8.39-9ubuntu0.1

Ubuntu 16.04

  o libpcre3 - 2:8.38-3.1ubuntu0.1~esm1
    Available with UA Infra or UA Desktop

Ubuntu 14.04

  o libpcre3 - 1:8.31-2ubuntu2.3+esm1
    Available with UA Infra or UA Desktop

After a standard system update you need to restart applications using PCRE,
such as the Apache HTTP server and Nginx, to make all the necessary changes.

References

  o CVE-2020-14155
  o CVE-2019-20838

--------------------------END INCLUDED TEXT--------------------
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoRpi8kNZI30y1K9AQhwGBAAlJVijJ1AW4oKibDhSJ8a4z4okP9I84iJ mccpKw6AHPB6GM7Vvh2eCdb/TCTUKlBdzU0cDwAOYMRC2z3e8xbsIOM+thrNsJ7z KV7v66ttpsa/j46Ltws++iKinMRNhJFImkcUZ3MIggB33LGk3UkX3wglhj0ocqzQ IkIwYnZ91e2/gQoxtCz4ITdVfDWFLNyJA3rTE3iclqOAHrnmlwf9eaRWqje/ORwr rGohurMeeCqKFs/Lhgm4ZibTlnOkPxBklphJW8WO2vqpBXQ+3viGVtVsCW7MFA6X uaqXNWffOsfFceVbJFoDUNwddOTAXwaA2MMd6fcj6vF+mv4a1vaDaeGry+694WXe N8pUauZR0LneljDopiPNmvf8TAXoxYPZuLrE3IMY3wPYTkFw/ZKK84v5UJWyjHNI WWU+UgdowZvtFfH+6Yb+9jYqG2qaJp2fVoGbQzA6opYHKW/1Ero/jILRW/EFo7Di k5qw93e9kOOSzukEyfzmYuxv20386591+d7AKkSmAWrReTfbn78RkPqzjEx1EQZg KWcfsYDJKUiiFhrLKdah+fA4c/rVGS5OdRKKg7n+4E+sqRsN6PyIcbeQ+E9k06Bi iJnRHd3gOn/IqWzuI+WpeXnQLPk4qRF38sXnKR2aqyX/YmrL5bopOwjogczu8mdB 7CSngtE7twM= =XDGI -----END PGP SIGNATURE-----
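The PCRE notice above ends with the step that is easiest to forget: after libpcre3 is upgraded, every long-running process that loaded the old library (the notice names Apache and Nginx) keeps executing the unpatched code until it is restarted. The script below, an added example that is not part of the Ubuntu notice or the AusCERT bulletin, shows how that condition is detected: when dpkg replaces a shared object on disk, the kernel marks the old file's mappings in /proc/<pid>/maps with a "(deleted)" suffix, so a process whose maps still reference a deleted libpcre.so needs a restart. The sample maps data is constructed, and the library path /lib/x86_64-linux-gnu/libpcre.so.3.13.3 is only an assumption about where Ubuntu's libpcre3 package installs the file.

```python
"""Report processes that still map a replaced libpcre after the package upgrade.

Added example, not part of the USN-5425-1 notice or the AusCERT bulletin.
The sample /proc/<pid>/maps text below is constructed; the libpcre path is
an assumption about the Ubuntu libpcre3 package layout.
"""
import os
import re
from typing import Dict, List

# One /proc/<pid>/maps line: address perms offset dev inode [pathname]
_MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+[rwxsp-]{4}\s+[0-9a-f]+\s+"
    r"[0-9a-f]+:[0-9a-f]+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def stale_mappings(maps_text: str, lib_pattern: str = r"/libpcre\.so\.") -> List[str]:
    """Return the distinct paths of file-backed mappings that match lib_pattern
    and whose backing file has since been replaced on disk ("(deleted)")."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if m is None or m.group("inode") == "0":
            continue  # malformed line or anonymous mapping ([stack], [heap], ...)
        path = m.group("path").strip()
        if path.endswith("(deleted)") and re.search(lib_pattern, path):
            stale.add(path)
    return sorted(stale)


def processes_needing_restart(maps_by_pid: Dict[int, str],
                              lib_pattern: str = r"/libpcre\.so\.") -> Dict[int, List[str]]:
    """Map pid -> stale library paths, for every process that has at least one."""
    result = {}
    for pid, text in maps_by_pid.items():
        stale = stale_mappings(text, lib_pattern)
        if stale:
            result[pid] = stale
    return result


def read_live_maps() -> Dict[int, str]:
    """Read /proc/<pid>/maps for every process we are allowed to inspect
    (root sees all processes; an unprivileged user only its own)."""
    maps = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/maps") as fh:
                maps[int(entry)] = fh.read()
        except OSError:
            continue  # process exited meanwhile, or not ours to read
    return maps


# Constructed sample (not real system output): pid 1234 was started before the
# upgrade and still maps the replaced libpcre; pid 2345 was restarted and maps
# the new file, so it carries no "(deleted)" marker.
SAMPLE_MAPS = {
    1234: "\n".join([
        "7f3c4a000000-7f3c4a063000 r-xp 00000000 08:01 131091 /lib/x86_64-linux-gnu/libpcre.so.3.13.3 (deleted)",
        "7f3c4a063000-7f3c4a263000 ---p 00063000 08:01 131091 /lib/x86_64-linux-gnu/libpcre.so.3.13.3 (deleted)",
        "7f3c4a500000-7f3c4a6c0000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libc-2.31.so",
        "7ffd2c1f0000-7ffd2c211000 rw-p 00000000 00:00 0 [stack]",
    ]),
    2345: "\n".join([
        "7f9b10000000-7f9b10063000 r-xp 00000000 08:01 131400 /lib/x86_64-linux-gnu/libpcre.so.3.13.3",
        "7ffe1a2b0000-7ffe1a2d1000 rw-p 00000000 00:00 0 [stack]",
    ]),
}

if __name__ == "__main__":
    # Replace SAMPLE_MAPS with read_live_maps() to check a real host.
    for pid, libs in sorted(processes_needing_restart(SAMPLE_MAPS).items()):
        print(f"pid {pid} still maps: {', '.join(libs)}")
```

The same "(deleted)" test is what the Debian/Ubuntu `needrestart` tool automates across all libraries, so on hosts where it is installed, running it after the update is the quicker check; the script is useful where that package is absent, or to confirm that a specific service such as Nginx really picked up the fixed library after its restart.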
18 May 2022

ESB-2022.2429 - [Ubuntu] OpenLDAP: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2429
                      USN-5424-1: OpenLDAP vulnerability
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenLDAP
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29155

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5424-1

Comment: CVSS (Max):  9.8 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5424-1: OpenLDAP vulnerability
17 May 2022

OpenLDAP could be made to perform arbitrary modifications to the database.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 21.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o openldap - Lightweight Directory Access Protocol

Details

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04
  o slapd - 2.5.11+dfsg-1~exp1ubuntu3.1

Ubuntu 21.10
  o slapd - 2.5.6+dfsg-1~exp1ubuntu1.1

Ubuntu 20.04
  o slapd - 2.4.49+dfsg-2ubuntu1.9

Ubuntu 18.04
  o slapd - 2.4.45+dfsg-1ubuntu1.11

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-29155

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYoRpV8kNZI30y1K9AQhBeQ//SQEhdD4rUZRZCimc0hxsH+Jb0kea9zDP
+2098ZJPsjxCoFeQjzNIa1CFNvTJ5+/f9ZqUF7uMewoAws1h7YMpn9TftBS5iJ1X
W6cxUbnuhBOebVNhsr/fs+8Lp0GFhsSHuH1IzNy3dflE8kADw2tI28729iSi98P/
WmFaSFY+nR5MvDW25v0ONoQRReD5Y95zhPr2MpwRIo8YOC8IblTj1Z9USCSQmBzv
NTegMsndAw5kuO6crWifajudfQq9s51IKeX+hCa0PK8R/r8QRiLy51bRkTD6nItt
Y4X9Cm7jtjxntPIL/qtQj9XKCtlxX1UZLZ5jftlwA9+KWtSOzSestOXqOapM/Seg
6lOiJyTYwb05CynOpXhOSkjsOqN/4RRC0hH1pIuwy/1ePIaIO3sX4bD9GDaMoU2Q
xdmA45uch7w+39ZqTYjtO88Szk3kWnxPT0QRC77A+YsFPLsYGfY/ZBBPSwHkNumP
ES2jHPBTiPA/RkqSgc1JwybGfaF17VyxK1ODeHxEnbyIgjCkKfX+dcxIEoaF8ERZ
vr9vJH/VqwiC+9cy3tgS9i29KtdLFFAzG2fgGkBJuCEF4NDeGqiMFAxdnXHPAHwj
2yheS2pJ8EbyhWVCUY/rFCRRLeYHmqAP32D2jRT0D1KFlWooAadFLQh5iHStCZlq
fND0JGrgWFY=
=vvgw
-----END PGP SIGNATURE-----
18 May 2022

ESB-2022.2428 - [Ubuntu] ClamAV: CVSS (Max): 7.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2428
                      USN-5423-1: ClamAV vulnerabilities
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ClamAV
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-20796 CVE-2022-20792 CVE-2022-20785 CVE-2022-20771
                   CVE-2022-20770

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5423-1

Comment: CVSS (Max):  7.8 CVE-2022-20792 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [SUSE]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5423-1: ClamAV vulnerabilities
17 May 2022

Several security issues were fixed in ClamAV.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 21.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o clamav - Anti-virus utility for Unix

Details

Michal Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michal Dardas discovered that ClamAV incorrectly handled parsing TIFF files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20771)

Michal Dardas discovered that ClamAV incorrectly handled parsing HTML files.
A remote attacker could possibly use this issue to cause ClamAV to consume
resources, resulting in a denial of service. (CVE-2022-20785)

Michal Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to cause
ClamAV to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-20796)

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04
  o clamav - 0.103.6+dfsg-0ubuntu0.22.04.1

Ubuntu 21.10
  o clamav - 0.103.6+dfsg-0ubuntu0.21.10.1

Ubuntu 20.04
  o clamav - 0.103.6+dfsg-0ubuntu0.20.04.1

Ubuntu 18.04
  o clamav - 0.103.6+dfsg-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes.

In general, a standard system update will make all the necessary changes.

References

  o CVE-2022-20770
  o CVE-2022-20785
  o CVE-2022-20792
  o CVE-2022-20771
  o CVE-2022-20796

Related notices

  o USN-5423-2 : clamav-testfiles, clamav, libclamav-dev, clamav-daemon,
    clamav-freshclam, clamav-docs, clamav-milter, clamav-base, libclamav9,
    clamdscan

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYoRpM8kNZI30y1K9AQh92Q/9FlXMw1+qHaHQkgXU5PfRco++QTyWlHBC
R5+QOKG2X3r2ADX7CqC4ct9pO4vEJ2PFo5BTvWpNotdpkhtTWiTKJYwXeyBt3vkQ
wrRzcYkG3/igxk58Iuq5qcBcw0ZpndGfmjvbw0unOLjxhUdX8S0qVrlvZuSp1zIu
RAIx/c5SvPdDsqEw5oVNCU2BMmCNe+rFGSayTM0j68JcLAkYzX/uVj++wtISdYom
YqVj392l0zF79+2Y6CtQEqPf7T7aG9rg8CpjVlVn5dquYh4RJsDZ9XRY4rvgJw44
JTO7OYKpY97ciwpM2VJHSWidieL5Tml9g42VfMgqdLt1AzCnkbmOrHPG4FFkfYO+
19+qNxwkXMuLqzD+F/GNWshXFRnKNXafAcGXUbgIe3cM5actXaepxsc9S+cZzUs1
GlWXc+tPqqURlPTAw2hAkJh1eU5SpbodzXeLeWD+sVIC/M5z2J5dxMkISQfgVjHC
53QOfhf3G4S1+GsyojL7zYO3OVML9CEx1LTKAIbvHUj+kHLQ2m5ZkvTi8f5c7uEg
oiYkATzj86vwE6ucJg+1Agieb68sj+9y5huR+QE6XY7OWh6lORA+X4yma8E3x+ld
sJEHEUaeDqrOosZsDXxmKkR8NyGobxjdSuK+piN2IH4VfP4Qj1ycRJeanw0rtmxq
6XL3vy0RaLk=
=LjP0
-----END PGP SIGNATURE-----
18 May 2022

ESB-2022.2427 - [SUSE] nodejs10: CVSS (Max): 8.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2427
                        Security update for nodejs10
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nodejs10
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21824 CVE-2022-0235 CVE-2021-44907 CVE-2021-44906
                   CVE-2021-32804 CVE-2021-32803 CVE-2021-23343 CVE-2021-3918
                   CVE-2021-3807

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221717-1

Comment: CVSS (Max):  8.1 CVE-2021-3918 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1717-1
Rating:            important
References:        #1191962 #1191963 #1192153 #1192154 #1192696 #1194514
                   #1194819 #1197283 #1198247
Cross-References:  CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807
                   CVE-2021-3918 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235
                   CVE-2022-21824
Affected Products:
                   SUSE CaaS Platform 4.0
                   SUSE Enterprise Storage 6
                   SUSE Enterprise Storage 7
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server 15-SP2-BCL
                   SUSE Linux Enterprise Server 15-SP2-LTSS
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server for SAP 15-SP2
                   SUSE Manager Proxy 4.1
                   SUSE Manager Retail Branch Server 4.1
                   SUSE Manager Server 4.1
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

  o CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and
    splitPathRe (bsc#1192153).
  o CVE-2021-32803: Fixed insufficient symlink protection in node-tar
    allowing arbitrary file creation and overwrite (bsc#1191963).
  o CVE-2021-32804: Fixed insufficient absolute path sanitization in
    node-tar allowing arbitrary file creation and overwrite (bsc#1191962).
  o CVE-2021-3918: Fixed improper controlled modification of object
    prototype attributes in json-schema (bsc#1192696).
  o CVE-2021-3807: Fixed regular expression denial of service (ReDoS)
    matching ANSI escape codes in node-ansi-regex (bsc#1192154).
  o CVE-2022-21824: Fixed prototype pollution via console.table
    (bsc#1194514).
  o CVE-2021-44906: Fixed prototype pollution in npm dependency
    (bsc#1198247).
  o CVE-2021-44907: Fixed insufficient sanitization in npm dependency
    (bsc#1197283).
  o CVE-2022-0235: Fixed passing of cookie data and sensitive headers to
    different hostnames in node-fetch-npm (bsc#1194819).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1717=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1717=1
  o SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1717=1
  o SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1717=1
  o SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1717=1
  o SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1717=1
  o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1717=1
  o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1717=1
  o SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1717=1
  o SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1717=1
  o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1717=1
  o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1717=1
  o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1
  o SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-1717=1
  o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-1717=1
  o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o openSUSE Leap 15.4 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o openSUSE Leap 15.3 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Manager Server 4.1 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Manager Retail Branch Server 4.1 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Manager Retail Branch Server 4.1 (x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Manager Proxy 4.1 (x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Manager Proxy 4.1 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server for SAP 15 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise Server 15-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Enterprise Storage 7 (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Enterprise Storage 7 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE Enterprise Storage 6 (aarch64 x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE Enterprise Storage 6 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1
  o SUSE CaaS Platform 4.0 (x86_64):
       nodejs10-10.24.1-150000.1.44.1
       nodejs10-debuginfo-10.24.1-150000.1.44.1
       nodejs10-debugsource-10.24.1-150000.1.44.1
       nodejs10-devel-10.24.1-150000.1.44.1
       npm10-10.24.1-150000.1.44.1
  o SUSE CaaS Platform 4.0 (noarch):
       nodejs10-docs-10.24.1-150000.1.44.1

References:

  o https://www.suse.com/security/cve/CVE-2021-23343.html
  o https://www.suse.com/security/cve/CVE-2021-32803.html
  o https://www.suse.com/security/cve/CVE-2021-32804.html
  o https://www.suse.com/security/cve/CVE-2021-3807.html
  o https://www.suse.com/security/cve/CVE-2021-3918.html
  o https://www.suse.com/security/cve/CVE-2021-44906.html
  o https://www.suse.com/security/cve/CVE-2021-44907.html
  o https://www.suse.com/security/cve/CVE-2022-0235.html
  o https://www.suse.com/security/cve/CVE-2022-21824.html
  o https://bugzilla.suse.com/1191962
  o https://bugzilla.suse.com/1191963
  o https://bugzilla.suse.com/1192153
  o https://bugzilla.suse.com/1192154
  o https://bugzilla.suse.com/1192696
  o https://bugzilla.suse.com/1194514
  o https://bugzilla.suse.com/1194819
  o https://bugzilla.suse.com/1197283
  o https://bugzilla.suse.com/1198247

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYoRpDckNZI30y1K9AQg46Q/8Dbz3kgbznWpqwbOaycG1M6bvu2RcxXN1
TwqsaM/rTsGn0IsWITl+1mCE1bGULVfj/2b11DRDLvvoUIUCr+El/F8ucmTfNpIH
HMj0GV9MCmuFeanpodV60CbvDJNfb4jUid8sR6M6VGgfmvu/qPb4R2YNpxYj9b7W
Eovu19SIBqpi7twT0jlky+6vztuj9oz0Kppx4hkOORa/vjvVxhezegr1ufskFCOG
AieeUjqz+DZybmmFa+kxLScAA/AWOAeCdLxTc1U7YFaI8S34rMHrfKi0GoJMw3Z0
m6MErzOgFrMET3Y6z8u6LTyNvWsdccO7Ps/7I/gvMmLaRXfqa2bDOrH8RdAtth9j
8Dr87H+ndnhsti51lBJK5UgQEVoZqYFaLeBk19zHczrBwZUBIzd07re8qB6ZVPCT
SyBVkT6HBb8frSwpf8zWgjLMr6/ZsoPW1TnxJujajDnI3AQqfipU4bndPk7G6vjv
RT6CzFPEcGSO+UdIOwcbVqwOQeWdoUS51tG+j69jBBC6HQKfjOWOtJqKD5FDXc0j
/Cxs0rxSfwOLQvF/29mASf1dS87F5kl5WHJPJf3G81LCPVs0ojAAaI+gDp8L1nl+
AGHr5CIXOZWCSS8WTL9eIGrGohMeplDG5JJuN1s/0JtdRYM1ew5xJDxS1S4dL9bo
hQVjccJNmOY=
=bgOF
-----END PGP SIGNATURE-----
18 May 2022

ESB-2022.2426 - [SUSE] php72: CVSS (Max): None

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2426
                          Security update for php72
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php72
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221714-1

Comment: CVSS (Max): None available when published

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for php72
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1714-1
Rating:            low
References:        #1197644
Affected Products:
                   SUSE Linux Enterprise High Performance Computing 12
                   SUSE Linux Enterprise Module for Web Scripting 12
                   SUSE Linux Enterprise Server 12
                   SUSE Linux Enterprise Server 12-SP3
                   SUSE Linux Enterprise Server 12-SP4
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP Applications 12
                   SUSE Linux Enterprise Server for SAP Applications 12-SP3
                   SUSE Linux Enterprise Server for SAP Applications 12-SP4
                   SUSE Linux Enterprise Server for SAP Applications 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for php72 fixes the following issues:

o Fixed filter_var bypass vulnerability (bsc#1197644).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1714=1

o SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1714=1

Package List:

o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  php72-debuginfo-7.2.5-1.78.1
  php72-debugsource-7.2.5-1.78.1
  php72-devel-7.2.5-1.78.1

o SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php72-7.2.5-1.78.1
  apache2-mod_php72-debuginfo-7.2.5-1.78.1
  php72-7.2.5-1.78.1
  php72-bcmath-7.2.5-1.78.1
  php72-bcmath-debuginfo-7.2.5-1.78.1
  php72-bz2-7.2.5-1.78.1
  php72-bz2-debuginfo-7.2.5-1.78.1
  php72-calendar-7.2.5-1.78.1
  php72-calendar-debuginfo-7.2.5-1.78.1
  php72-ctype-7.2.5-1.78.1
  php72-ctype-debuginfo-7.2.5-1.78.1
  php72-curl-7.2.5-1.78.1
  php72-curl-debuginfo-7.2.5-1.78.1
  php72-dba-7.2.5-1.78.1
  php72-dba-debuginfo-7.2.5-1.78.1
  php72-debuginfo-7.2.5-1.78.1
  php72-debugsource-7.2.5-1.78.1
  php72-dom-7.2.5-1.78.1
  php72-dom-debuginfo-7.2.5-1.78.1
  php72-enchant-7.2.5-1.78.1
  php72-enchant-debuginfo-7.2.5-1.78.1
  php72-exif-7.2.5-1.78.1
  php72-exif-debuginfo-7.2.5-1.78.1
  php72-fastcgi-7.2.5-1.78.1
  php72-fastcgi-debuginfo-7.2.5-1.78.1
  php72-fileinfo-7.2.5-1.78.1
  php72-fileinfo-debuginfo-7.2.5-1.78.1
  php72-fpm-7.2.5-1.78.1
  php72-fpm-debuginfo-7.2.5-1.78.1
  php72-ftp-7.2.5-1.78.1
  php72-ftp-debuginfo-7.2.5-1.78.1
  php72-gd-7.2.5-1.78.1
  php72-gd-debuginfo-7.2.5-1.78.1
  php72-gettext-7.2.5-1.78.1
  php72-gettext-debuginfo-7.2.5-1.78.1
  php72-gmp-7.2.5-1.78.1
  php72-gmp-debuginfo-7.2.5-1.78.1
  php72-iconv-7.2.5-1.78.1
  php72-iconv-debuginfo-7.2.5-1.78.1
  php72-imap-7.2.5-1.78.1
  php72-imap-debuginfo-7.2.5-1.78.1
  php72-intl-7.2.5-1.78.1
  php72-intl-debuginfo-7.2.5-1.78.1
  php72-json-7.2.5-1.78.1
  php72-json-debuginfo-7.2.5-1.78.1
  php72-ldap-7.2.5-1.78.1
  php72-ldap-debuginfo-7.2.5-1.78.1
  php72-mbstring-7.2.5-1.78.1
  php72-mbstring-debuginfo-7.2.5-1.78.1
  php72-mysql-7.2.5-1.78.1
  php72-mysql-debuginfo-7.2.5-1.78.1
  php72-odbc-7.2.5-1.78.1
  php72-odbc-debuginfo-7.2.5-1.78.1
  php72-opcache-7.2.5-1.78.1
  php72-opcache-debuginfo-7.2.5-1.78.1
  php72-openssl-7.2.5-1.78.1
  php72-openssl-debuginfo-7.2.5-1.78.1
  php72-pcntl-7.2.5-1.78.1
  php72-pcntl-debuginfo-7.2.5-1.78.1
  php72-pdo-7.2.5-1.78.1
  php72-pdo-debuginfo-7.2.5-1.78.1
  php72-pgsql-7.2.5-1.78.1
  php72-pgsql-debuginfo-7.2.5-1.78.1
  php72-phar-7.2.5-1.78.1
  php72-phar-debuginfo-7.2.5-1.78.1
  php72-posix-7.2.5-1.78.1
  php72-posix-debuginfo-7.2.5-1.78.1
  php72-pspell-7.2.5-1.78.1
  php72-pspell-debuginfo-7.2.5-1.78.1
  php72-readline-7.2.5-1.78.1
  php72-readline-debuginfo-7.2.5-1.78.1
  php72-shmop-7.2.5-1.78.1
  php72-shmop-debuginfo-7.2.5-1.78.1
  php72-snmp-7.2.5-1.78.1
  php72-snmp-debuginfo-7.2.5-1.78.1
  php72-soap-7.2.5-1.78.1
  php72-soap-debuginfo-7.2.5-1.78.1
  php72-sockets-7.2.5-1.78.1
  php72-sockets-debuginfo-7.2.5-1.78.1
  php72-sodium-7.2.5-1.78.1
  php72-sodium-debuginfo-7.2.5-1.78.1
  php72-sqlite-7.2.5-1.78.1
  php72-sqlite-debuginfo-7.2.5-1.78.1
  php72-sysvmsg-7.2.5-1.78.1
  php72-sysvmsg-debuginfo-7.2.5-1.78.1
  php72-sysvsem-7.2.5-1.78.1
  php72-sysvsem-debuginfo-7.2.5-1.78.1
  php72-sysvshm-7.2.5-1.78.1
  php72-sysvshm-debuginfo-7.2.5-1.78.1
  php72-tidy-7.2.5-1.78.1
  php72-tidy-debuginfo-7.2.5-1.78.1
  php72-tokenizer-7.2.5-1.78.1
  php72-tokenizer-debuginfo-7.2.5-1.78.1
  php72-wddx-7.2.5-1.78.1
  php72-wddx-debuginfo-7.2.5-1.78.1
  php72-xmlreader-7.2.5-1.78.1
  php72-xmlreader-debuginfo-7.2.5-1.78.1
  php72-xmlrpc-7.2.5-1.78.1
  php72-xmlrpc-debuginfo-7.2.5-1.78.1
  php72-xmlwriter-7.2.5-1.78.1
  php72-xmlwriter-debuginfo-7.2.5-1.78.1
  php72-xsl-7.2.5-1.78.1
  php72-xsl-debuginfo-7.2.5-1.78.1
  php72-zip-7.2.5-1.78.1
  php72-zip-debuginfo-7.2.5-1.78.1
  php72-zlib-7.2.5-1.78.1
  php72-zlib-debuginfo-7.2.5-1.78.1

o SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  php72-pear-7.2.5-1.78.1
  php72-pear-Archive_Tar-7.2.5-1.78.1

References:

o https://bugzilla.suse.com/1197644
--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained
in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
18 May 2022

ESB-2022.2425 - [SUSE] e2fsprogs: CVSS (Max): 7.0

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2425
                        Security update for e2fsprogs
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1304
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221695-1

Comment: CVSS (Max): 7.0 CVE-2022-1304 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
         CVSS Source: SUSE
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for e2fsprogs
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1695-1
Rating:            important
References:        #1198446
Cross-References:  CVE-2022-1304
Affected Products:
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP Applications 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for e2fsprogs fixes the following issues:

o CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1695=1

o SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1695=1

o SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1695=1

o SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1695=1

o SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1695=1

o SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1695=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64):
  e2fsprogs-1.43.8-3.17.1
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debuginfo-32bit-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  libcom_err2-1.43.8-3.17.1
  libcom_err2-32bit-1.43.8-3.17.1
  libcom_err2-debuginfo-1.43.8-3.17.1
  libcom_err2-debuginfo-32bit-1.43.8-3.17.1
  libext2fs2-1.43.8-3.17.1
  libext2fs2-debuginfo-1.43.8-3.17.1

o SUSE OpenStack Cloud 9 (x86_64):
  e2fsprogs-1.43.8-3.17.1
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debuginfo-32bit-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  libcom_err2-1.43.8-3.17.1
  libcom_err2-32bit-1.43.8-3.17.1
  libcom_err2-debuginfo-1.43.8-3.17.1
  libcom_err2-debuginfo-32bit-1.43.8-3.17.1
  libext2fs2-1.43.8-3.17.1
  libext2fs2-debuginfo-1.43.8-3.17.1

o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  e2fsprogs-devel-1.43.8-3.17.1
  libcom_err-devel-1.43.8-3.17.1
  libext2fs-devel-1.43.8-3.17.1

o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  e2fsprogs-1.43.8-3.17.1
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  libcom_err2-1.43.8-3.17.1
  libcom_err2-debuginfo-1.43.8-3.17.1
  libext2fs2-1.43.8-3.17.1
  libext2fs2-debuginfo-1.43.8-3.17.1

o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  e2fsprogs-debuginfo-32bit-1.43.8-3.17.1
  libcom_err2-32bit-1.43.8-3.17.1
  libcom_err2-debuginfo-32bit-1.43.8-3.17.1

o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  e2fsprogs-1.43.8-3.17.1
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  libcom_err2-1.43.8-3.17.1
  libcom_err2-debuginfo-1.43.8-3.17.1
  libext2fs2-1.43.8-3.17.1
  libext2fs2-debuginfo-1.43.8-3.17.1

o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  e2fsprogs-debuginfo-32bit-1.43.8-3.17.1
  libcom_err2-32bit-1.43.8-3.17.1
  libcom_err2-debuginfo-32bit-1.43.8-3.17.1

o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  e2fsprogs-1.43.8-3.17.1
  e2fsprogs-debuginfo-1.43.8-3.17.1
  e2fsprogs-debugsource-1.43.8-3.17.1
  libcom_err2-1.43.8-3.17.1
  libcom_err2-debuginfo-1.43.8-3.17.1
  libext2fs2-1.43.8-3.17.1
  libext2fs2-debuginfo-1.43.8-3.17.1

o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
  e2fsprogs-debuginfo-32bit-1.43.8-3.17.1
  libcom_err2-32bit-1.43.8-3.17.1
  libcom_err2-debuginfo-32bit-1.43.8-3.17.1

References:

o https://www.suse.com/security/cve/CVE-2022-1304.html
o https://bugzilla.suse.com/1198446

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2424 - [SUSE] nodejs8: CVSS (Max): 6.1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2424
                         Security update for nodejs8
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nodejs8
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0235 CVE-2021-44907 CVE-2021-44906
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221694-1

Comment: CVSS (Max): 6.1 CVE-2022-0235 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)
         CVSS Source: SUSE
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for nodejs8
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1694-1
Rating:            moderate
References:        #1194819 #1197283 #1198247
Cross-References:  CVE-2021-44906 CVE-2021-44907 CVE-2022-0235
Affected Products:
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for nodejs8 fixes the following issues:

o CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247).
o CVE-2021-44907: Fixed insufficient sanitisation in npm dependency (bsc#1197283).
o CVE-2022-0235: Fixed passing of cookie data and sensitive headers to
  different hostnames in node-fetch-npm (bsc#1194819).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-1694=1

o openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-1694=1

Package List:

o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  nodejs8-8.17.0-150200.10.22.1
  nodejs8-debuginfo-8.17.0-150200.10.22.1
  nodejs8-debugsource-8.17.0-150200.10.22.1
  nodejs8-devel-8.17.0-150200.10.22.1
  npm8-8.17.0-150200.10.22.1

o openSUSE Leap 15.4 (noarch):
  nodejs8-docs-8.17.0-150200.10.22.1

o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nodejs8-8.17.0-150200.10.22.1
  nodejs8-debuginfo-8.17.0-150200.10.22.1
  nodejs8-debugsource-8.17.0-150200.10.22.1
  nodejs8-devel-8.17.0-150200.10.22.1
  npm8-8.17.0-150200.10.22.1

o openSUSE Leap 15.3 (noarch):
  nodejs8-docs-8.17.0-150200.10.22.1

References:

o https://www.suse.com/security/cve/CVE-2021-44906.html
o https://www.suse.com/security/cve/CVE-2021-44907.html
o https://www.suse.com/security/cve/CVE-2022-0235.html
o https://bugzilla.suse.com/1194819
o https://bugzilla.suse.com/1197283
o https://bugzilla.suse.com/1198247

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2423 - [SUSE] pidgin: CVSS (Max): 8.1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2423
                         Security update for pidgin
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           pidgin
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-26491
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221693-1

Comment: CVSS (Max): 8.1 CVE-2022-26491 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
         CVSS Source: SUSE
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for pidgin
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1693-1
Rating:            important
References:        #1199025
Cross-References:  CVE-2022-26491
Affected Products:
                   SUSE Linux Enterprise Desktop 15-SP4
                   SUSE Linux Enterprise High Performance Computing 15-SP4
                   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                   SUSE Linux Enterprise Server 15-SP4
                   SUSE Linux Enterprise Server for SAP Applications 15-SP4
                   SUSE Linux Enterprise Workstation Extension 15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pidgin fixes the following issues:

o CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used (bsc#1199025).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Workstation Extension 15-SP4:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1693=1

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1693=1

Package List:

o SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
  libpurple-2.14.8-150400.3.3.1
  libpurple-client0-2.14.8-150400.3.3.1
  libpurple-client0-debuginfo-2.14.8-150400.3.3.1
  libpurple-debuginfo-2.14.8-150400.3.3.1
  libpurple-devel-2.14.8-150400.3.3.1
  libpurple-plugin-sametime-2.14.8-150400.3.3.1
  libpurple-plugin-sametime-debuginfo-2.14.8-150400.3.3.1
  libpurple0-2.14.8-150400.3.3.1
  libpurple0-debuginfo-2.14.8-150400.3.3.1
  pidgin-2.14.8-150400.3.3.1
  pidgin-debuginfo-2.14.8-150400.3.3.1
  pidgin-debugsource-2.14.8-150400.3.3.1
  pidgin-devel-2.14.8-150400.3.3.1

o SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch):
  libpurple-branding-upstream-2.14.8-150400.3.3.1
  libpurple-lang-2.14.8-150400.3.3.1

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
  finch-2.14.8-150400.3.3.1
  finch-debuginfo-2.14.8-150400.3.3.1
  finch-devel-2.14.8-150400.3.3.1
  libpurple-2.14.8-150400.3.3.1
  libpurple-debuginfo-2.14.8-150400.3.3.1
  libpurple-devel-2.14.8-150400.3.3.1
  libpurple-plugin-sametime-2.14.8-150400.3.3.1
  libpurple-plugin-sametime-debuginfo-2.14.8-150400.3.3.1
  libpurple-tcl-2.14.8-150400.3.3.1
  libpurple-tcl-debuginfo-2.14.8-150400.3.3.1
  pidgin-2.14.8-150400.3.3.1
  pidgin-debuginfo-2.14.8-150400.3.3.1
  pidgin-debugsource-2.14.8-150400.3.3.1
  pidgin-devel-2.14.8-150400.3.3.1

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
  libpurple-branding-upstream-2.14.8-150400.3.3.1
  libpurple-lang-2.14.8-150400.3.3.1

References:

o https://www.suse.com/security/cve/CVE-2022-26491.html
o https://bugzilla.suse.com/1199025

--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2422 - [SUSE] e2fsprogs: CVSS (Max): 7.0

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2422
                        Security update for e2fsprogs
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1304
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221718-1

Comment: CVSS (Max): 7.0 CVE-2022-1304 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
         CVSS Source: SUSE
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for e2fsprogs
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1718-1
Rating:            important
References:        #1198446
Cross-References:  CVE-2022-1304
Affected Products:
                   SUSE Linux Enterprise Desktop 15-SP4
                   SUSE Linux Enterprise High Performance Computing 15-SP4
                   SUSE Linux Enterprise Module for Basesystem 15-SP4
                   SUSE Linux Enterprise Server 15-SP4
                   SUSE Linux Enterprise Server for SAP Applications 15-SP4
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for e2fsprogs fixes the following issues:

o CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-1718=1

o SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1718=1

Package List:

o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  e2fsprogs-1.46.4-150400.3.3.1
  e2fsprogs-debuginfo-1.46.4-150400.3.3.1
  e2fsprogs-debugsource-1.46.4-150400.3.3.1
  e2fsprogs-devel-1.46.4-150400.3.3.1
  e2fsprogs-scrub-1.46.4-150400.3.3.1
  libcom_err-devel-1.46.4-150400.3.3.1
  libcom_err-devel-static-1.46.4-150400.3.3.1
  libcom_err2-1.46.4-150400.3.3.1
  libcom_err2-debuginfo-1.46.4-150400.3.3.1
  libext2fs-devel-1.46.4-150400.3.3.1
  libext2fs-devel-static-1.46.4-150400.3.3.1
  libext2fs2-1.46.4-150400.3.3.1
  libext2fs2-debuginfo-1.46.4-150400.3.3.1

o openSUSE Leap 15.4 (x86_64):
  e2fsprogs-32bit-debuginfo-1.46.4-150400.3.3.1
  libcom_err-devel-32bit-1.46.4-150400.3.3.1
  libcom_err2-32bit-1.46.4-150400.3.3.1
  libcom_err2-32bit-debuginfo-1.46.4-150400.3.3.1
  libext2fs-devel-32bit-1.46.4-150400.3.3.1
  libext2fs2-32bit-1.46.4-150400.3.3.1
  libext2fs2-32bit-debuginfo-1.46.4-150400.3.3.1

o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  e2fsprogs-1.46.4-150400.3.3.1
  e2fsprogs-debuginfo-1.46.4-150400.3.3.1
  e2fsprogs-debugsource-1.46.4-150400.3.3.1
  e2fsprogs-devel-1.46.4-150400.3.3.1
  libcom_err-devel-1.46.4-150400.3.3.1
  libcom_err-devel-static-1.46.4-150400.3.3.1
  libcom_err2-1.46.4-150400.3.3.1
  libcom_err2-debuginfo-1.46.4-150400.3.3.1
  libext2fs-devel-1.46.4-150400.3.3.1
  libext2fs-devel-static-1.46.4-150400.3.3.1
  libext2fs2-1.46.4-150400.3.3.1
  libext2fs2-debuginfo-1.46.4-150400.3.3.1

o SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  e2fsprogs-32bit-debuginfo-1.46.4-150400.3.3.1
  libcom_err2-32bit-1.46.4-150400.3.3.1
  libcom_err2-32bit-debuginfo-1.46.4-150400.3.3.1

References:

o https://www.suse.com/security/cve/CVE-2022-1304.html
o https://bugzilla.suse.com/1198446
--------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.2421 - [SUSE] MozillaThunderbird: CVSS (Max): 7.5

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2421
                   Security update for MozillaThunderbird
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           MozillaThunderbird
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29917 CVE-2022-29916 CVE-2022-29914 CVE-2022-29913
                   CVE-2022-29912 CVE-2022-29911 CVE-2022-29909 CVE-2022-1520

Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221719-1

Comment: CVSS (Max):  7.5 CVE-2022-29917 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1719-1
Rating:             important
References:         #1198970
Cross-References:   CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912
                    CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following issues:

Various security fixes MFSA 2022-18 (bsc#1198970):

  o CVE-2022-1520: Incorrect security status shown after viewing an attached
    email (bmo#1745019).
  o CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448).
  o CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
    (bmo#1755081).
  o CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674).
  o CVE-2022-29911: iframe sandbox bypass (bmo#1761981).
  o CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655).
  o CVE-2022-29913: Speech Synthesis feature not properly disabled
    (bmo#1764778).
  o CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739,
    bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1719=1
  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1719=1
  o SUSE Linux Enterprise Workstation Extension 15-SP4:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1719=1
  o SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1719=1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1719=1
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1719=1

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2
  o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2
  o SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2
  o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2
  o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
       MozillaThunderbird-91.9.0-150200.8.68.2
       MozillaThunderbird-debuginfo-91.9.0-150200.8.68.2
       MozillaThunderbird-debugsource-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-common-91.9.0-150200.8.68.2
       MozillaThunderbird-translations-other-91.9.0-150200.8.68.2

References:

  o https://www.suse.com/security/cve/CVE-2022-1520.html
  o https://www.suse.com/security/cve/CVE-2022-29909.html
  o https://www.suse.com/security/cve/CVE-2022-29911.html
  o https://www.suse.com/security/cve/CVE-2022-29912.html
  o https://www.suse.com/security/cve/CVE-2022-29913.html
  o https://www.suse.com/security/cve/CVE-2022-29914.html
  o https://www.suse.com/security/cve/CVE-2022-29916.html
  o https://www.suse.com/security/cve/CVE-2022-29917.html
  o https://bugzilla.suse.com/1198970

- --------------------------END INCLUDED TEXT--------------------
18 May 2022

ESB-2022.1913.2 - UPDATE [Cisco] Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software: CVSS (Max): 8.8

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2022.1913.2
   Cisco Adaptive Security Appliance Software and Firepower Threat Defense
     Software Web Services Interface Privilege Escalation Vulnerability
                                18 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Adaptive Security Appliance Software
                   Firepower Threat Defense Software
Publisher:         Cisco Systems
Operating System:  Cisco
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-20759

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye

Comment: CVSS (Max):  8.8 CVE-2022-20759 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Cisco Systems
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Revision History:  May   18 2022: Fixed broken link in Summary section
                   April 29 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Interface Privilege Escalation Vulnerability

Priority:        High
Advisory ID:     cisco-sa-asaftd-mgmt-privesc-BMFMUvye
First Published: 2022 April 27 16:00 GMT
Last Updated:    2022 May 17 19:37 GMT
Version 1.2:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvz92016
CVE Names:       CVE-2022-20759
CWEs:            CWE-266

Summary

  o A vulnerability in the web services interface for remote access VPN
    features of Cisco Adaptive Security Appliance (ASA) Software and Cisco
    Firepower Threat Defense (FTD) Software could allow an authenticated, but
    unprivileged, remote attacker to elevate privileges to level 15.

    This vulnerability is due to improper separation of authentication and
    authorization scopes. An attacker could exploit this vulnerability by
    sending crafted HTTPS messages to the web services interface of an
    affected device. A successful exploit could allow the attacker to gain
    privilege level 15 access to the web management interface of the device.
    This includes privilege level 15 access to the device using management
    tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco
    Security Manager (CSM).

    Note: With Cisco FTD Software, the impact is lower than the CVSS score
    suggests because the affected web management interface allows for read
    access only.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye

    This advisory is part of the April 2022 release of the Cisco ASA, FTD,
    and FMC Security Advisory Bundled publication. For a complete list of the
    advisories and links to them, see Cisco Event Response: April 2022 Cisco
    ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco products if they are running a
    vulnerable release of Cisco ASA Software or Cisco FTD Software and at
    least one of the following conditions is true:

      o HTTPS Management Access and IKEv2 Client Services are both enabled
        on at least one (not necessarily the same) interface
      o HTTPS Management Access and WebVPN are both enabled on at least one
        (not necessarily the same) interface

    Neither of these features is enabled by default in Cisco ASA Software or
    Cisco FTD Software.

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory.

    Determine the Device Configuration

    Determine the HTTPS Management Access Configuration

    To identify the status and port of the HTTPS management access, use the
    show running-config http CLI command. The following example shows the
    output of the show running-config http command on a device that has
    HTTPS management access enabled on the inside and outside interface
    using TCP port 8443:

      asa# show running-config http
      http server enable 8443
      http 0.0.0.0 0.0.0.0 inside
      http 0.0.0.0 0.0.0.0 outside

    If the line starting with http server enable does not include a port,
    the default port 443 is used. The exact port value does not affect the
    vulnerability status of the device.

    If the line starting with http server enable is missing or the output
    does not include an HTTP access-control list (ACL) associated with an
    interface, the HTTPS management access is disabled. The exact value of
    the HTTP ACL does not affect the vulnerability status of the device.
    However, for successful exploitation, the attacker has to be able to
    connect to the HTTPS management server of the device from an IP address
    that is permitted by the HTTP ACL.

    Determine the IKEv2 Client Services Configuration

    To identify the status and port of the IKEv2 client services, use the
    show running-config crypto ikev2 | include port CLI command. The
    following example shows the output of the show running-config crypto
    ikev2 | include port command on a device that has IKEv2 client services
    enabled on the outside interface using TCP port 8443:

      asa# show running-config crypto ikev2 | include port
      crypto ikev2 enable outside client-services port 8443

    The exact port value does not affect the vulnerability status of the
    device. If the command output is empty, IKEv2 client services are not
    enabled.

    Determine the WebVPN Configuration

    To identify the status and port of WebVPN, use the show running-config
    all webvpn | include ^ port |^ enable CLI command. The following example
    shows the output of the show running-config all webvpn | include ^ port
    |^ enable command on a device that has WebVPN enabled on the outside
    interface using TCP port 8443:

      asa# show running-config all webvpn | include ^ port |^ enable
       port 8443
       enable outside

    The exact port value does not affect the vulnerability status of the
    device. If the command output is empty or there is no enable statement,
    WebVPN is not enabled.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco
    Firepower Management Center (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers with service contracts that
    entitle them to regular software updates should obtain security fixes
    through their usual update channels.

    Customers may only install and expect support for software versions and
    feature sets for which they have purchased a license. By installing,
    downloading, accessing, or otherwise using such software upgrades,
    customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have
    a valid license, procured from Cisco directly, or through a Cisco
    authorized reseller or partner. In most cases this will be a maintenance
    upgrade to software that was previously purchased. Free security
    software updates do not entitle customers to a new software license,
    additional software feature sets, or major revision upgrades.

    The Cisco Support and Downloads page on Cisco.com provides information
    about licensing and downloads.
    This page can also display customer device support coverage for
    customers who use the My Devices tool.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new
    release. If the information is not clear, customers are advised to
    contact the Cisco Technical Assistance Center (TAC) or their contracted
    maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco
    service contract and customers who make purchases through third-party
    vendors but are unsuccessful in obtaining fixed software through their
    point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be
    prepared to provide the URL of this advisory as evidence of entitlement
    to a free upgrade.

    Fixed Releases

    In the following table(s), the left column lists Cisco software
    releases. The center column indicates whether a release is affected by
    the vulnerability described in this advisory and the first release that
    includes the fix for this vulnerability. The right column indicates
    whether a release is affected by any of the Critical or High SIR
    vulnerabilities described in this bundle and which release includes
    fixes for those vulnerabilities.

    ASA Software

    +-----------------+-----------------------------+-----------------------------+
    | Cisco ASA       | First Fixed Release for     | First Fixed Release for All |
    | Software        | This Vulnerability          | Vulnerabilities Described   |
    | Release         |                             | in the Bundle of Advisories |
    +-----------------+-----------------------------+-----------------------------+
    | 9.7 and earlier | Migrate to a fixed release. | Migrate to a fixed release. |
    | ^1              |                             |                             |
    +-----------------+-----------------------------+-----------------------------+
    | 9.8             | 9.8.4.43                    | Migrate to a fixed release. |
    +-----------------+-----------------------------+-----------------------------+
    | 9.9 ^1          | Migrate to a fixed release. | Migrate to a fixed release. |
    +-----------------+-----------------------------+-----------------------------+
    | 9.10 ^1         | Migrate to a fixed release. | Migrate to a fixed release. |
    +-----------------+-----------------------------+-----------------------------+
    | 9.12            | 9.12.4.38                   | 9.12.4.38                   |
    +-----------------+-----------------------------+-----------------------------+
    | 9.13 ^1         | Migrate to a fixed release. | Migrate to a fixed release. |
    +-----------------+-----------------------------+-----------------------------+
    | 9.14            | 9.14.4                      | 9.14.4                      |
    +-----------------+-----------------------------+-----------------------------+
    | 9.15            | 9.15.1.21                   | 9.15.1.21                   |
    +-----------------+-----------------------------+-----------------------------+
    | 9.16            | 9.16.2.13                   | 9.16.2.14                   |
    +-----------------+-----------------------------+-----------------------------+
    | 9.17            | 9.17.1.7                    | 9.17.7                      |
    +-----------------+-----------------------------+-----------------------------+

    1. Cisco ASA Software releases 9.7 and earlier as well as releases 9.9,
       9.10, and 9.13 have reached end of software maintenance. Customers are
       advised to migrate to a supported release that includes the fix for
       this vulnerability.

    FTD Software

    +-----------------+----------------------------------------------------+-----------------------------+
    | Cisco FTD       | First Fixed Release for This Vulnerability         | First Fixed Release for All |
    | Software        |                                                    | Vulnerabilities Described   |
    | Release         |                                                    | in the Bundle of Advisories |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.2.2 and       | Migrate to a fixed release.                        | Migrate to a fixed release. |
    | earlier ^1      |                                                    |                             |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.2.3           | Migrate to a fixed release.                        | Migrate to a fixed release. |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.3.0 ^1        | Migrate to a fixed release.                        | Migrate to a fixed release. |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.4.0           | 6.4.0.15 (May 2022)                                | 6.4.0.15 (May 2022)         |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.5.0 ^1        | Migrate to a fixed release.                        | Migrate to a fixed release. |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.6.0           | 6.6.5.2                                            | 6.6.5.2                     |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 6.7.0           | Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar           | Migrate to a fixed release. |
    |                 | Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar  |                             |
    |                 | Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar  |                             |
    |                 | Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar       |                             |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 7.0.0           | 7.0.2 (May 2022)                                   | 7.0.2 (May 2022)            |
    +-----------------+----------------------------------------------------+-----------------------------+
    | 7.1.0           | 7.1.0.1                                            | 7.1.0.1                     |
    +-----------------+----------------------------------------------------+-----------------------------+

    1. Cisco FMC and FTD Software releases 6.2.2 and earlier, as well as
       releases 6.3.0 and 6.5.0, have reached end of software maintenance.
       Customers are advised to migrate to a supported release that includes
       the fix for this vulnerability.

    For instructions on upgrading your FTD device, see Cisco Firepower
    Management Center Upgrade Guide.

    The Cisco Product Security Incident Response Team (PSIRT) validates only
    the affected and fixed release information that is documented in this
    advisory.

Exploitation and Public Announcements

  o The Cisco PSIRT is not aware of any public announcements or malicious use
    of the vulnerability that is described in this advisory.
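A configuration check for the two conditions in the Vulnerable Products section above, as an added example (not Cisco's or AusCERT's code): it takes the outputs of the three show commands the advisory quotes and reports which condition, if any, is met. The sample outputs are constructed from the advisory's examples; whether the running release is fixed is not checked and must be compared against the Fixed Releases tables separately.

```python
"""Evaluate ASA/FTD configuration output against the conditions listed in
cisco-sa-asaftd-mgmt-privesc-BMFMUvye (added example, not vendor code).

Only the configuration conditions are assessed. The advisory also requires
a vulnerable software release, which this script does not determine.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample outputs, modelled on the examples quoted in the advisory.
SAMPLE_HTTP = """http server enable 8443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
"""
SAMPLE_IKEV2 = "crypto ikev2 enable outside client-services port 8443\n"
SAMPLE_WEBVPN = " port 8443\n enable outside\n"

# http <address> <mask> <interface>  (an HTTP ACL bound to an interface)
_HTTP_ACL = re.compile(r"^http\s+\S+\s+\S+\s+\S+$")
# http server enable [port]
_HTTP_SERVER = re.compile(r"^http server enable(?:\s+(\d+))?$")
# crypto ikev2 enable <interface> client-services [port <n>]
_IKEV2_CS = re.compile(r"^crypto ikev2 enable \S+ client-services(?:\s+port\s+\d+)?$")
# enable <interface>  (from 'show running-config all webvpn')
_WEBVPN_ENABLE = re.compile(r"^enable\s+\S+")


def _lines(output: str) -> List[str]:
    """Split command output into stripped, non-empty lines."""
    return [ln.strip() for ln in output.splitlines() if ln.strip()]


def https_mgmt_port(http_output: str) -> Optional[int]:
    """Port from 'http server enable [port]': 443 when omitted, None if absent."""
    for ln in _lines(http_output):
        m = _HTTP_SERVER.match(ln)
        if m:
            return int(m.group(1)) if m.group(1) else 443
    return None


def https_mgmt_enabled(http_output: str) -> bool:
    """Per the advisory, HTTPS management access counts as enabled only when
    'http server enable' is present AND an HTTP ACL binds an interface."""
    lines = _lines(http_output)
    has_server = any(_HTTP_SERVER.match(ln) for ln in lines)
    # The 'http server enable <port>' line has the same token count as an
    # ACL line, so it is excluded explicitly before matching ACL lines.
    has_acl = any(_HTTP_ACL.match(ln) for ln in lines
                  if not ln.startswith("http server"))
    return has_server and has_acl


def ikev2_client_services_enabled(ikev2_output: str) -> bool:
    """'show running-config crypto ikev2 | include port': empty output means
    IKEv2 client services are not enabled."""
    return any(_IKEV2_CS.match(ln) for ln in _lines(ikev2_output))


def webvpn_enabled(webvpn_output: str) -> bool:
    """'show running-config all webvpn | include ^ port |^ enable': WebVPN is
    enabled only if an 'enable <interface>' statement is present; a bare
    'port' line on its own does not count."""
    return any(_WEBVPN_ENABLE.match(ln) for ln in _lines(webvpn_output))


@dataclass
class Assessment:
    https_mgmt: bool
    https_port: Optional[int]
    ikev2_client_services: bool
    webvpn: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        """True when at least one of the advisory's two conditions holds."""
        return bool(self.reasons)


def assess(http_output: str, ikev2_output: str, webvpn_output: str) -> Assessment:
    """Combine the three per-feature checks into the advisory's conditions."""
    https = https_mgmt_enabled(http_output)
    ikev2 = ikev2_client_services_enabled(ikev2_output)
    webvpn = webvpn_enabled(webvpn_output)
    reasons = []
    # The advisory does not require both features on the same interface,
    # so each condition is a plain conjunction of the per-feature status.
    if https and ikev2:
        reasons.append("HTTPS management access + IKEv2 client services")
    if https and webvpn:
        reasons.append("HTTPS management access + WebVPN")
    return Assessment(https, https_mgmt_port(http_output), ikev2, webvpn, reasons)


if __name__ == "__main__":
    result = assess(SAMPLE_HTTP, SAMPLE_IKEV2, SAMPLE_WEBVPN)
    print(result)
    print("matches a vulnerable configuration:", result.exposed)
```

Replace the constructed samples with the captured output of the three commands from the device under review; the port values are reported for the record only, since the advisory states they do not affect vulnerability status.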
Source

  o Cisco would like to thank the Orange CERT-CC and SA2 teams for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software
    Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye

Revision History

  o +---------+---------------------------+------------+--------+-------------+
    | Version | Description               | Section    | Status | Date        |
    +---------+---------------------------+------------+--------+-------------+
    | 1.2     | Fixed broken link in      | Summary    | Final  | 2022-MAY-17 |
    |         | Summary section.          |            |        |             |
    +---------+---------------------------+------------+--------+-------------+
    |         | Further clarified the     | Vulnerable |        |             |
    | 1.1     | conditions for the        | Products   | Final  | 2022-MAY-03 |
    |         | vulnerable status.        |            |        |             |
    +---------+---------------------------+------------+--------+-------------+
    | 1.0     | Initial public release.   | -          | Final  | 2022-APR-27 |
    +---------+---------------------------+------------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------
17 May 2022

ESB-2022.2420 - [Cisco] Snort application detection engine: CVSS (Max): 4.0

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2420
   Multiple Cisco Products Snort Application Detection Engine Policy Bypass
                                Vulnerability
                                17 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Snort application detection engine
Publisher:         Cisco Systems
Operating System:  Cisco
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1236

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq

Comment: CVSS (Max):  4.0 CVE-2021-1236 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
         CVSS Source: Cisco
         Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Cisco Products Snort Application Detection Engine Policy Bypass
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-snort-app-bypass-cSBYCATq
First Published: 2021 January 13 16:00 GMT
Last Updated:    2022 May 16 18:45 GMT
Version 1.2:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs85467 CSCvu21318
CVE Names:       CVE-2021-1236
CWEs:            CWE-670
CVSS Score:      4.0 AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  o Multiple Cisco products are affected by a vulnerability in the Snort
    application detection engine that could allow an unauthenticated, remote
    attacker to bypass the configured policies on an affected system.

    The vulnerability is due to a flaw in the detection algorithm. An
    attacker could exploit this vulnerability by sending crafted packets that
    would flow through an affected system. A successful exploit could allow
    the attacker to bypass the configured policies and deliver a malicious
    payload to the protected network.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected all open source
    Snort project releases earlier than Release 2.9.14. For more information,
    see the Snort website.

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running a vulnerable release of Cisco
    software:

      o 3000 Series Industrial Security Appliances (ISAs)
      o Firepower Threat Defense (FTD) Software

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running a release earlier than the first
    fixed release of Cisco Unified Threat Defense (UTD) Snort Intrusion
    Prevention System (IPS) Engine for Cisco IOS XE Software or Cisco UTD
    Engine for Cisco IOS XE SD-WAN Software.

    Note: UTD is not installed on these devices by default. If the UTD file
    is not installed, the device is not vulnerable.

      o 1000 Series Integrated Services Routers (ISRs)
      o 4000 Series Integrated Services Routers (ISRs)
      o Cloud Services Router 1000V
      o Integrated Services Virtual Router (ISRv)

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory. See the Details section in
    the bug ID(s) at the top of this advisory for the most complete and
    current information.

    Determine Whether UTD is Enabled

    To determine whether UTD is enabled on a device, issue the show utd
    engine standard status command and check for a Yes under Running. If
    there is no output, the device is not affected.

    The following output example shows a device that has UTD enabled:

      Router# show utd engine standard status
      Engine version      : 1.0.19_SV2.9.16.1_XE17.3
      Profile             : Cloud-Low
      System memory       :
          Usage           : 6.00 %
          Status          : Green
      Number of engines   : 1

      Engine        Running    Health    Reason
      ===========================================
      Engine(#1):   Yes        Green     None
      =======================================================
      . . .

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      o Adaptive Security Appliance (ASA) Software
      o Firepower Management Center (FMC) Software
      o Meraki Security Appliances

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new
    release. If the information is not clear, customers are advised to
    contact the Cisco Technical Assistance Center (TAC) or their contracted
    maintenance providers.

    Fixed Releases

    At the time of publication, Cisco Firepower Threat Defense (FTD) releases
    6.5.0.5 and later contained the fix for this vulnerability.

    At the time of publication, Cisco UTD Snort IPS Engine Software for IOS
    XE 17.4.1 ^1 contained the fix for this vulnerability.

    At the time of publication, the open source Snort project release
    2.9.14.10 and later contained the fix for this vulnerability. For more
    information, see the Snort website.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

1. Starting in 17.2.1, IOS XE and IOS XE SD-WAN use the same image file.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq

Revision History

+---------+--------------------------------------------------+---------------------+--------+-------------+
| Version | Description                                      | Section             | Status | Date        |
+---------+--------------------------------------------------+---------------------+--------+-------------+
| 1.2     | Added instructions to determine whether UTD is   | Vulnerable Products | Final  | 2022-MAY-16 |
|         | enabled and running.                             |                     |        |             |
+---------+--------------------------------------------------+---------------------+--------+-------------+
| 1.1     | Updated vulnerability information for Cisco UTD  | Vulnerable Products | Final  | 2021-NOV-12 |
|         | Engine requirements.                             |                     |        |             |
+---------+--------------------------------------------------+---------------------+--------+-------------+
| 1.0     | Initial public release.                          | -                   | Final  | 2021-JAN-13 |
+---------+--------------------------------------------------+---------------------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoM3fskNZI30y1K9AQgtHw//TrJ95HmRyXZjqZ4T3LrkNAy7xPxMB98V 4BWPDyReU1uVjUTyvE5Jy5hmLTpkkMGwfcbkR9E6HwoOtESdF03BQa1nuQvS4MBE f6lPpa42HVu48iUL6iEcY3VvEFMWqyBtHIMOB1nQfwcbUcHCpcgysgM0NCKpPpwv keeDp+ekFCVuA7Ix7plHmKLfE3+nWoKcQvoj3AZ5XeoFBjyv982LxSAfbtQY2qA5 Z5ukg9GyU10cTpuLyBw/t2iWKMRefpmmkBkba09n6CqQUQ/vAWC8a84pQccZwlbP Upo+KVqHNxc1aK1D31++CVKTugOwEHaYzmrYOi1FGKZ0bosWBXlLdg9Tem3UMC6i D81fvO7nrqWEMCr79naLgvgiexQM5CgesrSBIWysr0KHRGIGqMNADf9vpFi7oGFp txHZDdQOdrBuyslZWqc6YBUNUXRYdsE7qBCYPPLBWjmcMvH7jEoKfTwpIxnOT0N6 8KvYFVCpSrYot1+48bQtp7280eDdZ5GPYFRTq0SO9/6JJP2OqlIWAgT8qvNQwHl9 yyU9sHMVQ2ec21xmGWJoNuaLmPSJZtTZls/jTobwLhf1RnNqnAYmADMjFDDO/8ho AgZy1F/HMdCeh/9vgbz6L+1oQhD0q3FzbTL0dpMTWiTfLtpVe9HvH3iwt05nF4ah Gbtx/IGXnQk= =GWKd -----END PGP SIGNATURE-----
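The check the Cisco advisory above describes (is UTD enabled and running on this IOS XE device?) is easy to automate across a fleet once the status output has been collected. The following Python is an added example written for this page; it is not Cisco's or AusCERT's code. It parses the `show utd engine standard status` output quoted in the advisory, reports whether any engine is running, and compares the IOS XE train embedded in the engine version string against the 17.4.1 fixed release named under Fixed Releases. Two assumptions are labelled in the code: that the `_SV…_XE…` layout of the engine version string is stable, and that the XE suffix reflects the IOS XE release the engine was built for. The authoritative answer still comes from `show version` and the advisory's Vulnerable Products section; the sample output below is the advisory's example re-typed, not a capture from a live device.

```python
import re

# Constructed sample: the "show utd engine standard status" output quoted in the
# Cisco advisory, re-typed as test input (not captured from a live device).
SAMPLE_UTD_STATUS = """\
Router# show utd engine standard status
Engine version : 1.0.19_SV2.9.16.1_XE17.3
Profile : Cloud-Low
System memory :
 Usage : 6.00 %
 Status : Green
Number of engines : 1
Engine Running Health Reason
===========================================
Engine(#1): Yes Green None
=======================================================
"""

# Assumption: the engine version string is laid out as
# <engine>_SV<snort version>_XE<ios xe train>; only that layout is parsed.
_VERSION_RE = re.compile(r"^(?P<engine>[^_]+)_SV(?P<snort>[\d.]+)_XE(?P<xe>[\d.]+)$")
# One row per engine in the status table, e.g. "Engine(#1): Yes Green None".
_ENGINE_RE = re.compile(
    r"^Engine\(#(?P<id>\d+)\):\s+(?P<running>\S+)\s+(?P<health>\S+)\s+(?P<reason>.+?)\s*$"
)


def parse_utd_status(text):
    """Parse the status output into version fields plus one dict per engine row."""
    result = {
        "engine_version": None,
        "snort_version": None,
        "xe_train": None,
        "profile": None,
        "engines": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Engine version :"):
            version = line.split(":", 1)[1].strip()
            result["engine_version"] = version
            m = _VERSION_RE.match(version)
            if m:
                result["snort_version"] = m.group("snort")
                result["xe_train"] = m.group("xe")
        elif line.startswith("Profile :"):
            result["profile"] = line.split(":", 1)[1].strip()
        else:
            m = _ENGINE_RE.match(line)
            if m:
                result["engines"].append({
                    "id": int(m.group("id")),
                    "running": m.group("running") == "Yes",
                    "health": m.group("health"),
                    "reason": m.group("reason"),
                })
    return result


def utd_enabled(text):
    """True when at least one engine reports Running = Yes, which is the
    condition the advisory's Vulnerable Products section tells you to look for."""
    return any(engine["running"] for engine in parse_utd_status(text)["engines"])


def _release_tuple(release):
    return tuple(int(part) for part in release.split("."))


def xe_train_before_fix(text, fixed_release="17.4.1"):
    """Compare the XE train embedded in the engine version with the fixed release.
    Assumption: that suffix reflects the IOS XE release the engine was built for.
    Returns None when the version string does not match the expected layout."""
    xe_train = parse_utd_status(text)["xe_train"]
    if xe_train is None:
        return None
    return _release_tuple(xe_train) < _release_tuple(fixed_release)


def triage(text):
    """Summarise one device: in scope only if UTD is running; flag the XE train."""
    status = parse_utd_status(text)
    return {
        "utd_running": utd_enabled(text),
        "engine_version": status["engine_version"],
        "xe_train_before_17.4.1": xe_train_before_fix(text),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_UTD_STATUS))
```

Feed each device's captured output to `triage()`; a device with `utd_running` False is out of scope regardless of release, which is why the running check comes first and the version comparison is only a hint for ordering the upgrade work.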
17 May 2022

ESB-2022.2419 - [Debian] cifs-utils: CVSS (Max): 7.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2419
cifs-utils security update
17 May 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------
Product: cifs-utils
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29869 CVE-2022-27239
Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html

Comment: CVSS (Max): 7.8 CVE-2022-27239 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-3009-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
May 16, 2022 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package : cifs-utils
Version : 2:6.7-1+deb9u1
CVE ID : CVE-2022-27239 CVE-2022-29869
Debian Bug : 1010818

Two vulnerabilities were found in src:cifs-utils, the Common Internet File System utilities, as follows:

CVE-2022-27239
 In cifs-utils, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869
 cifs-utils, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

For Debian 9 stretch, these problems have been fixed in version 2:6.7-1+deb9u1.

We recommend that you upgrade your cifs-utils packages.
For the detailed security status of cifs-utils please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/cifs-utils

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmKCVN0ACgkQgj6WdgbD
S5a2MxAAp9n/LKNVZMYms5IwTZ2Grb00VxJG7lR1LuKpL15t9FcQT606+d6uE+Wd
nRibHy3ie81zDQJxVH1Kc+1SdCe/H2Rddqa/+bZ6z6TnpvLhZx0cwwzxE5PrAWzn
0HS8KYrXsj34L982OoNGDbSbdoB17edRWRxw/KpTcsij3gxZeXNIepe0m4i6OOUn
K+IB1lIWFJc4E7cYSlxHUKOPcCf5L1uD9mZ/2mi3xVaIEJD20HoJ/Ec7bS6uR2CY
doYzky3YS9slVZLZPmblt+KXmMn9kzU0TDwF7+Z3G4iaedwv62TUkfYKtCSWeMuB
89E1GYK1gyslFE88lI861qArtC9VByKyggnddUwK+ME1p1bIv73tl/UDT2a1pTKJ
3bgiPKpIGicyuqe3/SKTO6cXW1FzvAE18pKC8YGj3B7qaZZexcAt2++klwyG5jEZ
MrgwTP9uIzT3/P9nXsov5x9K0P0jfVgSF0Fdg07DFesvEnkpXKEiy3saXJKI6Zd8
QgKiEp2zsC0Iuf6gDWRIg5Fgrur+ao8jcLay9BW+6L7ajUlpGcrheOp0mr0mfsB+
kak58JxVfPtH4I7e2bxOn+xctbu1NCHTP6LqxzVvBUsiIA9o1oXLAroA4co5mrzB
BkLt4o8WKIF+RPbVaiIOsuW4/+k5d55Nr19C/os3aGnWns+Br1o=
=8v4w
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoM1l8kNZI30y1K9AQg3+g//RtbWCrW4SmivxsXTrIAOTpKKoBM86f7R Og4L6XehLcknHjdIy6nCq6mWtRUp5LjVtdaHgJrKQS7iwWenCWh0j/Olt0T5HjaJ 75VdVBWxEUHS7wsuJwnjavEPsFTIKoh6rL9RplmCMtZZF0wlb0PDVqgiPI2dYDuN mBQY6PLjwgIaUy09R5wKAMs0EsxQ8IGl3h/LHuu+kgT4YfPlWjnFQd6OFPmc82At ETlMDx6ArITpYTBrQLoE1xYv1qPMkP2Yzv9J5/qk+Ur1rI5jyxhEJeU615RwDzVR NOzlFxG7oQ4R8yFk/vTRZdRRY5TsXgqQeqbYB3Edcf7Q7UwM5TmAtOSZpyvkvvYC 3etQ705ghWbJn4WxJZ925+2/tXCbAqNJ7gVVlEYHeoESbaqX7EvqppEyFYzFXl7M Vbf9PYY6YUzqlc6ZVBELL8ODUqwsyAzmtIDKKbwKpggTycZMgIRsWZYoMEwlkbOq a/Jd5/iZNNQs8DEykVcwGnXYpf/g8Uwh56o8YC+syTK9FbF9BKojBhe2Gm+yV/Uk uTI7qh4EiJcNfSesBbffYUed260jrEUQSZoqunZEcGVpwgFc1EXVDgX0D2fki3um EjRtURXLM4NofK3jX+tcJc5qTv5tGkgBd37pDk4ZZJdDIBwkeNrs/jY0TK0ShBAA AEWfMPDlZSs= =sTQK -----END PGP SIGNATURE-----
17 May 2022

ESB-2022.2418 - [HPE NonStop] WebSphere MQ for HP NonStop Server: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2418
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778
17 May 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------
Product: WebSphere MQ for HP NonStop Server
Publisher: IBM
Operating System: HPE NonStop
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0778
Original Bulletin: https://www.ibm.com/support/pages/node/6585724

Comment: CVSS (Max): 7.5 CVE-2022-0778 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

Document Information
Document number : 6585724
Modified date : 12 May 2022
Product : WebSphere MQ
Component : Server
Software version : 5.3.1
Operating system(s): HPE NonStop
Edition : 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.1.3, 5.3.1.4, 5.3.1.5, 5.3.1.6, 5.3.1.7, 5.3.1.8, 5.3.1.9, 5.3.1.10, 5.3.1.11, 5.3.1.12, 5.3.1.13, 5.3.1.14, 5.3.1.15

Summary

An issue was identified in OpenSSL when MQ is using it to parse certificates.

Vulnerability Details

CVEID: CVE-2022-0778
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

+----------------------------------------------------------+----------+
|Affected Product(s)                                       |Version(s)|
+----------------------------------------------------------+----------+
|WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium)|5.3.1.x   |
+----------------------------------------------------------+----------+

Remediation/Fixes

+---------------------------------------------------------+---------+--------+-----------------------+
|Product                                                  |Fix level|APAR    |Remediation            |
+---------------------------------------------------------+---------+--------+-----------------------+
|WebSphere MQ V5.3.1 for HPE NonStop (Itanium) Fixpack 17 |5.3.1.17 |IT40195 |Install patch IT40195  |
+---------------------------------------------------------+---------+--------+-----------------------+

Workarounds and Mitigations

None

Change History

11 May 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYoMvV8kNZI30y1K9AQg3iBAAonMmRQol25XaQqQveVT+2DWBN++7DKJg
UDSxvKxUCrgfN2Q8HV8rJcAHhrkc53pzYn78jXUOSqpLUHc0yG0VpIdrcWTCjMsu
JY3T0qRbQIfZ4861NxfYM5u+4I4D8RqkG6h2aoEsEBUaJ4jYsx/aDwXaPOvBfP8x
42AUZCRXnKUoQ7f+uXlaB/6ckJ6RkMeLKp1Y8YTGjKc+TRACRmIMjrdJ3tzgKLlm
vvUpPrnhHhhEJmNBAYX98dWbFppRnHqetMHJDzl7vjHXgkInQRcgF3G1fKO0VFC9
PaiUwW3rV1Y30CCZ12fIs23AN437GZ7TvDRKKCXZy09Ga4MD6MZd32i7rkYM43U6
Ddhk4gL1tau+p8PzfYVdD2Al3Mig855r47dcgraZGuvJY0/mDQgg3ofLbx+4K4bB
OToU4VwWARvn/Q1JbexKTVqM0Da1tYW/76H9eaopp4F9SYlkZZBjyNc8CweYS0am
XWHA4uiv+n8T+vQyoH6okOgH6nmNnqM0ZmeuPTDO2qYj1NvLEeepre46o/h0Nva/
0zwyX9U2rpX7sKQuGQHmP3t+4HB3KCDgIbVDq8IfiBzaUvjeUX3hJycyYO2ssfWK
UUszHisrFTQJEsHjpFTHfcoVIrskAx0i5fptwcd5zfsZVITdJfEURPPjCQ0Llz3k
XdnH+d+MPps=
=bq5u
-----END PGP SIGNATURE-----
17 May 2022

ESB-2022.2417 - [HPE NonStop] WebSphere MQ for HP NonStop Server: CVSS (Max): 6.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2417
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160
17 May 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------
Product: WebSphere MQ for HP NonStop Server
Publisher: IBM
Operating System: HPE NonStop
Resolution: Patch/Upgrade
CVE Names: CVE-2021-4160 CVE-2016-0701
Original Bulletin: https://www.ibm.com/support/pages/node/6585726

Comment: CVSS (Max): 6.7 CVE-2021-4160 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

Document Information
Document number : 6585726
Modified date : 12 May 2022
Product : WebSphere MQ
Component : Server
Software version : 5.3.1
Operating system(s): HPE NonStop
Edition : 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.1.3, 5.3.1.4, 5.3.1.5, 5.3.1.6, 5.3.1.7, 5.3.1.8, 5.3.1.9, 5.3.1.10, 5.3.1.11, 5.3.1.12, 5.3.1.13, 5.3.1.14, 5.3.1.15

Summary

WebSphere MQ for HP NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL.

Vulnerability Details

CVEID: CVE-2021-4160
DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/218394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

+----------------------------------------------------------+----------+
|Affected Product(s)                                       |Version(s)|
+----------------------------------------------------------+----------+
|WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium)|5.3.1.x   |
+----------------------------------------------------------+----------+

Remediation/Fixes

+---------------------------------------------------------+---------+--------+-----------------------+
|Product                                                  |Fix level|APAR    |Remediation            |
+---------------------------------------------------------+---------+--------+-----------------------+
|WebSphere MQ V5.3.1 for HPE NonStop (Itanium) Fixpack 17 |5.3.1.17 |IT40195 |Install patch IT40195  |
+---------------------------------------------------------+---------+--------+-----------------------+

Workarounds and Mitigations

None

Change History

11 May 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYoMvQskNZI30y1K9AQgclA/+NoyEZeKOE4+z1YPb4JHPJL/U5mxABalf
vJhSRaN+Rp5BWc/llP3EOmIFHi6q9BLX1fv0JJg3HmbvuJaom0WtQD1Fn1k6wMuH
jWgwA9SM7bGn3iyl08bXjt2dp1kxzl2In/kWMZChlwZQzVVE333+cg0nWZq/AnEP
bcMLAjpQBF0wV+t+ZyrY9NdBS+B0n+iAC5wGMLAsSd8G49X9QrMAnh5mJey0eZX9
Dr7mvKK3GKdF7hpIb+5HJIjBsHYrQ2CKsz1ubs3zV8M6h3TMli9Q6OwRdu+TmgR4
aexgUx6/T+hOW+n/tagzb9y3hSrBrgN7IoFrjOov30Y8fgJR7IYSNhXJDDw8DcLc
ICFCx2dqsgEvIM/KOl9OAVCQ9zWVfXvEuqwvf6MJ6jZfhEVDeBpLQYsbhIDPTAEm
rfvEiNMYC2BOZJaxQeyLEJ7eQ/XJ1ouE8pzhk9bpBYpP2E2CuGOM8tcXtWAQkc4c
QZy2G+tYSez+X1T/7zhSQCnLZSZUVMMmWfub15wyLJPNCF2PDx1E7Oxi8SnhnaZI
TBygBFl/ev1EbMfqWqMJWKyFQT3e/yq/OE8ssZiNqI/1RXl6WqDURq00hUCXF8s3
MKx6CxU2lGrvi53g3/pRXVSpLBwonp3NrpeZ6Kvhg2vpiKZOqDuwseSQm3JTdp5y
jRgu/JgU2Ho=
=p8Qs
-----END PGP SIGNATURE-----