AusCERT - Security Bulletins

Subscribe to AusCERT - Security Bulletins hírcsatorna
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Frissítve: 1 óra 59 perc
2022. május 17.

ESB-2022.2416 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM WebSphere Application Server Liberty: CVSS (Max): 5.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2416 Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475) 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM WebSphere Application Server Liberty Publisher: IBM Operating System: AIX HP-UX IBM i Linux variants Solaris Windows z/OS Mac OS Resolution: Patch/Upgrade CVE Names: CVE-2022-22475 Original Bulletin: https://www.ibm.com/support/pages/node/6586734 Comment: CVSS (Max): 5.0 CVE-2022-22475 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) CVSS Source: IBM Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L - --------------------------BEGIN INCLUDED TEXT-------------------- IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475) Document Information Document number : 6586734 Modified date : 16 May 2022 Product : WebSphere Application Server Component : Liberty Software version : Liberty Operating system(s): AIX HP-UX IBM i Linux Solaris Windows z/OS Mac OS Edition : Liberty Summary IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID: CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user. CVSS Base score: 5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 225603 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) Affected Products and Versions +----------------------------------------+-------------------+ |Affected Product(s) |Version(s) | +----------------------------------------+-------------------+ |IBM WebSphere Application Server Liberty|17.0.0.3 - 22.0.0.5| +----------------------------------------+-------------------+ Remediation/Fixes IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH46072 . To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature . For IBM WebSphere Application Server Liberty 17.0.0.3 - 22.0.0.5 using the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature (s): . Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH46072 - --OR-- . Apply Liberty Fix Pack 22.0.0.6 or later (targeted availability 2Q2022). Additional interim fixes may be available and linked off the interim fix download page. Workarounds and Mitigations None To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature . Change History 16 May 2022: Initial Publication - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMvM8kNZI30y1K9AQiO2A//TtqW7FIoaujraA9M6H3jCY8/aqVGWteC gI6xuwkE9eI19rEOhpdeGk6iB5PYNWgvy8ZdhWp11LrcZ35fQV/QqTMotcauTFXO TIJTcikLgyS8N7h3mBEs24KRhpnSvpVipNvJQvMRp+1xipn1NxH+xv3DR1MwBVCW 8i3pkmJsMKuIMZ1Kyglry76sLxd/AKtEpQvT8fpRMM45keqXqSaYBj/uzs0pP9+L c6VBzmPMs2vtAWINRDBHGN0TnicBoGhHwQgoJQPGWBRBzp4+fCZLBFyFGFNquymz d+yrB/41PF4y8sNbiiwu7vUlcYqaX+B3iwTAegCRce1EbWt06E1+WQhGW8Tzs9f6 4OslTJVD52vzsH2dVYhxU5lr+vj+uhPLA/0uVEpxK3UQBn95rOfRMT2CuwlJmGVn MTXL9iOGYP9rCscMH8IDw4nMF3fGA9ZBwe7zef/ZubqL7I4MvvAXbWtbkqOj7D4r KdIOTh5bvJmNruQHBcos2EX7rHrSYBWYO1preoiLJMOfrpjrHMvGenhoWP5VFKZI sxG2kZkA23sQSUMi3NS5IriHQPteHN9XY7ayoeWuUorkjUcFWN6OcTd56D9fXExv OYDZjXuRayzH9m8a42I7X8BQTR9xZwOqDeLEg/0woQc0L2qVO2pQe7JkFDqNCpyS 4v/rCUCyZdI= =7XoI -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2415 - [HPE NonStop] IBM MQ for HP NonStop Server: CVSS (Max): 5.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2415 Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22325 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM MQ for HP NonStop Server Publisher: IBM Operating System: HPE NonStop Resolution: Patch/Upgrade CVE Names: CVE-2022-22325 Original Bulletin: https://www.ibm.com/support/pages/node/6585780 Comment: CVSS (Max): 5.1 CVE-2022-22325 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSS Source: IBM Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22325 Document Information Document number : 6585780 Modified date : 12 May 2022 Product : IBM MQ for HPE NonStop Component : Server Software version : 8.1 Operating system(s): HPE NonStop Edition : 8.1.0.0,8.1.0.1 Summary A queue manager trace may disclose a plaintext password flowing over an MQ channel. The issue is described by CVE-2022-22325 Vulnerability Details CVEID: CVE-2022-22325 DESCRIPTION: IBM MQ can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. CVSS Base score: 5.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 218853 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Products and Versions +-----------------------+-----------+ |Affected Product(s) |Version(s) | +-----------------------+-----------+ |IBM MQ for HPE NonStop |8.1.0 | +-----------------------+-----------+ Remediation/Fixes +----------------------------------------+------------+-----------+----------------------------------------+ |IBM MQ V8.1 for HPE NonStop |8.1.0.10 |IT40789 |Upgrade to Fixpack 8.1.0.10 | +----------------------------------------+------------+-----------+----------------------------------------+ Workarounds and Mitigations None Change History 12 May 2022: Initial Publication - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMvI8kNZI30y1K9AQhyuxAAokU+bn3BuJdy+1T9l+wh147zdNyXmMdR AefYGMucnKgvvhb0IYXwqN45+Odq5y+BPIE+3mjxfHU6GKZ5+z+gvIjLoqBguKFp aA3/bGiZygtXP8shjMOfQnyOTcCVGZc2S89yyxD2+SNBQYbmmP+QnxWnIfVZCAH9 JK8NnmFiSph6KLMkKmnDw6A3kKe0ZeDZM1v/8zc/LElHLVx9ECG8FDio+8IKfHn2 v6kFVG6WNEjpZsaAdtbsARF2Ju6l0F0jY4sq+sxMY8VU1+q3YAsQWPxrkhkHJgga AVSBZ2oO2edHZVVVUSuN66h93b3dpEpReayfY/EXy2ukSBUZnnV+AFcGZQ+lqNbn kEElAl1Uk5IMcwYBLmm+gbk0Mb4/kEiEjOCIXUsYpIuwYOubB65LI5kNNzWvjDcN t6NdyhwdUP1TIV81WJDp03mYkNe94Vp5qlYlfNwBugrNidzQ7di2TXMEw5Y2WFiY P1Dy3V8Lk0im2Xy4w3LdxvqArdmt0IaXeFFeuRpDmRCDzZHEZpp6gITIXOkggQRK 6VhPe7tlWjKwfyp5y8zgGCvNxm1bPnKg9EFSI2EGVdW1DhOEU9L1PrSlWugFBjzq zIlXGgTv3I2aJQJyD8yUDXCtfOsEANpMmr9UvvJsF81UJtYBzuPP+6HNs1bFPL9I nuxOYRGDZ3s= =wcuj -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2414 - [HPE NonStop] IBM MQ for HP NonStop Server: CVSS (Max): 5.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2414 Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM MQ for HP NonStop Server Publisher: IBM Operating System: HPE NonStop Resolution: Patch/Upgrade CVE Names: CVE-2022-22316 Original Bulletin: https://www.ibm.com/support/pages/node/6585778 Comment: CVSS (Max): 5.3 CVE-2022-22316 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316 Document Information Document number : 6585778 Modified date : 12 May 2022 Product : IBM MQ for HPE NonStop Component : Server Software version : 8.1 Operating system(s): HPE NonStop Edition : 8.1.0.0,8.1.0.1 Summary An issue within MQ can allow required authorization checks to be omitted when applications are working with clustered queues. The issue is described by CVE-2022-22316. Vulnerability Details CVEID: CVE-2022-22316 DESCRIPTION: IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 218276 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions +------------------------+-----------+ |Affected Product(s) |Version(s) | +------------------------+-----------+ |IBM MQ for HPE NonStop |8.1.0 | +------------------------+-----------+ Remediation/Fixes +----------------------------------------+------------+-----------+----------------------------------------+ |IBM MQ V8.1 for HPE NonStop |8.1.0.10 |IT40790 |Upgrade to Fixpack 8.1.0.10 | +----------------------------------------+------------+-----------+----------------------------------------+ Workarounds and Mitigations None Change History 12 May 2022: Initial Publication - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMvEskNZI30y1K9AQizlg/5AdZkrtiESURWUEw5f7SE+Jgh7f4HSx7x KQ/Ur4UONi/frkKYZttEVOducQy/Rc/AzcZS7XYn3rEDo607jX0RRBXL7bVmW34w /z/hXnMAVdPyebLRNFtX2P1HHKELxG27IG13XQt94P2rtlSyMOiHjlYguSRCY5oT FFdoTwFymY1pJDjCgR1shX8nBhORWQdFiaQ7mVU9HXmWY0eU+062E6UNFnniODnQ yTnW+VeE43m/aPKHhlKmF4DoFK1Ts+iEfw+6UjaHtBHe6uImc8/GQg8PNLrA1Gtx B76w7B8vnCkwr3rXTYUg32CBp1fWFnfJY3mv8y2xUzGq7WGRNWcgnmfL83tRlAcC y8SPr1gMADjwmUNiT4P2bcBX1U1x4xGKepd53jcDBi+9Qkmd+lPndPhZOQ9EgtSB g6xjgOYQ8seGAZlJslmYEyjPhbPAuG8+TbdjOrVuFurwbGTqlPkZ9x5aBQEeO+fE oFOCSI3F6DOOe9qKWTe9GIy9rfBMxZXYE+N9nStDfHE1TErF/F/02WLzFeEO6tnm Sw0Rd0bOiZKBa8YC9cOm8wh+LTtcXtFJkSW6q91aPHAj24j28Tf1KuEwvCxYdRbK BNozqTPgciHTLwmA6K49jNfFWIQgf8vkV8PA0IVhAdzqRD9WFp8hxc0ze+vLfiWz ULar5sIgrqE= =M2RZ -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2413 - [Mac] macOS Monterey 12.4: CVSS (Max): 9.8*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2413 macOS Monterey 12.4 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Monterey 12.4 Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26776 CVE-2022-26775 CVE-2022-26772 CVE-2022-26770 CVE-2022-26769 CVE-2022-26768 CVE-2022-26767 CVE-2022-26766 CVE-2022-26765 CVE-2022-26764 CVE-2022-26763 CVE-2022-26762 CVE-2022-26761 CVE-2022-26757 CVE-2022-26756 CVE-2022-26755 CVE-2022-26754 CVE-2022-26753 CVE-2022-26752 CVE-2022-26751 CVE-2022-26750 CVE-2022-26749 CVE-2022-26748 CVE-2022-26746 CVE-2022-26745 CVE-2022-26743 CVE-2022-26742 CVE-2022-26741 CVE-2022-26740 CVE-2022-26739 CVE-2022-26738 CVE-2022-26737 CVE-2022-26736 CVE-2022-26731 CVE-2022-26728 CVE-2022-26727 CVE-2022-26726 CVE-2022-26725 CVE-2022-26723 CVE-2022-26722 CVE-2022-26721 CVE-2022-26720 CVE-2022-26719 CVE-2022-26718 CVE-2022-26717 CVE-2022-26716 CVE-2022-26715 CVE-2022-26714 CVE-2022-26712 CVE-2022-26711 CVE-2022-26710 CVE-2022-26709 CVE-2022-26708 CVE-2022-26706 CVE-2022-26704 CVE-2022-26701 CVE-2022-26700 CVE-2022-26698 CVE-2022-26697 CVE-2022-26694 CVE-2022-26693 CVE-2022-23308 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 CVE-2022-22677 CVE-2022-0778 CVE-2022-0530 CVE-2021-45444 CVE-2021-44790 CVE-2021-44224 CVE-2018-25032 Original Bulletin: https://support.apple.com/HT213257 Comment: CVSS (Max): 9.8* CVE-2022-22721 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257. AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance. FaceTime We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance. Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Photo Booth We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Wi-Fi We would like to acknowledge Dana Morrison for their assistance. macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMqkMkNZI30y1K9AQhHnRAAlNbryfmmvydzcvEsVnawK/MLc0MO/2Qd RHuUvG/wrnLdy+7D9j3YpDcJ6PykzKzK+yvfLiWrOCCQzQ1GZKPsEFarf92BeCzl RxxvCxR+PhN2L6Gh90n/qiJo5zU/ix2nNe/Ypg/LaaVtyFwyP4L5kwvEcqXHfx4G r/IlBLA4qpQ0iMNqpEFD2CNS6zVVUCbppKl4NDUGjuzjDNQo0G2MVCnlkpXT57ky M+iEZWEaMcNJDAdttHpaJnDBPGFncsX8eyrEF61HILBJQLWMTCIK1TkRNUUoea9L +8LnmhGR3LT+/Mm5NhV1ZeR+JeS++jDOdnTcR2+Zd7h3xcnXMcpcm57SW3R3hP3k mSFWYkcZOHXw36pfzhSQGTVjRuMCSRQSPSgdrcUvy7l7X2z2JfZ8XGQxXurMM7H+ M6L5KYO2dKVGSMnEWgzBjIyF6bVJJccBwY+2MIt4Ler+bm1q6fFAuZw2P25J6QpM gCz8xKHCpTpdtyUcQkoTDX+KR93pYDBe8laYJAGqgX5BNbzVWxehLmd3Ni6CZjXE rx86t5AA8kaBWostcueWLN02NQB4Uy4yoArkbCJPj7+rw0M5FYsJcqv42MjwfDED aSWwIzOuwODQzsOcy423eNBAQX3xFiAOSbGwvm1oSxhs1WOuPIR6mWs3gJNDRtYp 4aHM2TFcnaw= =hPj/ -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2412 - [Mac] macOS Big Sur 11.6.6: CVSS (Max): 9.8*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2412 macOS Big Sur 11.6.6 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Big Sur 11.6.6 Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26776 CVE-2022-26770 CVE-2022-26769 CVE-2022-26768 CVE-2022-26767 CVE-2022-26766 CVE-2022-26763 CVE-2022-26761 CVE-2022-26757 CVE-2022-26756 CVE-2022-26755 CVE-2022-26751 CVE-2022-26748 CVE-2022-26746 CVE-2022-26745 CVE-2022-26728 CVE-2022-26726 CVE-2022-26723 CVE-2022-26722 CVE-2022-26721 CVE-2022-26720 CVE-2022-26718 CVE-2022-26715 CVE-2022-26714 CVE-2022-26712 CVE-2022-26706 CVE-2022-26698 CVE-2022-26697 CVE-2022-23308 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 CVE-2022-22675 CVE-2022-22674 CVE-2022-22665 CVE-2022-22663 CVE-2022-22589 CVE-2022-0778 CVE-2022-0530 CVE-2022-0128 CVE-2021-46059 CVE-2021-45444 CVE-2021-44790 CVE-2021-44224 CVE-2021-4193 CVE-2021-4192 CVE-2021-4187 CVE-2021-4173 CVE-2021-4166 CVE-2021-4136 CVE-2018-25032 Original Bulletin: https://support.apple.com/HT213256 Comment: CVSS (Max): 9.8* CVE-2022-22721 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: [NVD], Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMqZskNZI30y1K9AQiqfRAAr7mVWhX6E3d0H2I7O4UbentCZ37sQ6tI BXwpPBnreRlqaAhbE6p6+OW3wHU+PTuR4KDxCR8a/mGsc0QMOeJ4oWg557tAb+15 X7UxDILYT3ShxC3xMrXgPwFe4HO2RvpecxnG1ocE6N3jH8boYNZaqkgHsuq/7fUS OKHOXEkGQEkcjFby0Of+nYpJeIYGiwG7XmoLUohR2EjGKdaxV/iZh+/d7AmiuQeS 7qAqK1IsMGQQZN5UhfFdrHvol2k93fALw0oxScmD7QgmLSXp9/1oxec0ptKGIrHp U+W+Y9zrdJ2zXj0ZQxjPqY1byR8Twhukw6qfbm2UFoTZ0MVeqBxpVQQFAibcjzTU XyCFl9WL/4vZuUMab2mmz3ncjpZoVMgdcDePJ8xfKe+55khvTYr4YTYie6smYTQb l0aNhqU4jtWQU2FIZRit21s+tx26zbbXS3Am6KQeB1cmZVPTc2xQwwXQZ32Y/59c ouLA4rCCGR2DeOPC45zOMCjM4YxyDIY9GmXlapmXEoTBcvMXgEqFxivFky9o/ep0 fTLHi5JU5saKNWLpkazqZmBfQO6CKeWPqvLHjdWR55IH0tePYvOs9h/6zODsUKir uEy7+LagVP5ZFs+WHjE4GEJClIxGpPWlRvFI7VOD8IAshLWxSUhZgGKv6n9ExLB1 VyAQwOZs4uo= =/fUn -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2411 - [Mac] Catalina: CVSS (Max): 9.8*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2411 Security Update 2022-004 Catalina 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Catalina Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26775 CVE-2022-26770 CVE-2022-26769 CVE-2022-26766 CVE-2022-26763 CVE-2022-26761 CVE-2022-26757 CVE-2022-26756 CVE-2022-26755 CVE-2022-26751 CVE-2022-26748 CVE-2022-26746 CVE-2022-26728 CVE-2022-26727 CVE-2022-26726 CVE-2022-26722 CVE-2022-26721 CVE-2022-26720 CVE-2022-26715 CVE-2022-26714 CVE-2022-26698 CVE-2022-26697 CVE-2022-23308 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 CVE-2022-22674 CVE-2022-22665 CVE-2022-22663 CVE-2022-22589 CVE-2022-0778 CVE-2022-0530 CVE-2021-45444 CVE-2021-44790 CVE-2021-44224 CVE-2018-25032 Original Bulletin: https://support.apple.com/HT213255 Comment: CVSS (Max): 9.8* CVE-2022-22721 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina Security Update 2022-004 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213255. apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMqEskNZI30y1K9AQjJSxAAt7LUrv5Yt0NCk/MniIw5CE4kh2gYuWAv 0GpMwwdcjI7wEwErk0yOUD6EpfgTFAT8CqM+BLc+WjqdibrSms6wkPPUrLLwIeUd 8ohwmcjDIaR6A2OgeYmnBtBfKvtqe6OyPlI/eNWxKI+lj+kAcasK21e4WX+oTmlj AMpHY7aCTTqARuHyGDTYKbdlMmgnRjZWq4tOLhjnVoUmmo3w3MSSQh1UojpAYhK0 Mzi707nUNA92/L6HE2ygMH2ddDmhXghCgsxU6Ik+QsA2oww5klMhGbX2qFVM4lR6 60nDHIMeBLkZb1p1N1lC3K8bDINmHN+Og86AGzOAWCLMCS+mn3TuFILRp1CjlXp4 4vWU53YGchhfdOCyF6TsLkc8MPINb9Hwbb3iLWeTYObaaN6MlxR1sZo6pO4OrlYk riGjfPTqyawjuo5muWkE4PCpGiFzOEW2TCBhbGPObp4+XCqypoGwJl6nTsqBha1V ABvF5sKWCtt8Bz0b2b05tCY4QchbijpUGx+xBe3VMInt+DKo4f7o1bTOfSa5Wfi/ Q5GYzEWo8OHSqMvy1uO1GGwi7FIC15sPZJLJGzYW1L1F2PBue9gfMWEMc+/dbClj JoPkcOIBx2O9whBWCZooBGvzSy9A1thOaxcbHO8jKS6xT6YOjeVsg2l6GDLT5IFl F687rur3eoY= =8TIq -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2410 - [Apple iOS] watchOS 8.6: CVSS (Max): 7.5*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2410 watchOS 8.6 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: watchOS 8.6 Publisher: Apple Operating System: Apple iOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26771 CVE-2022-26768 CVE-2022-26766 CVE-2022-26765 CVE-2022-26764 CVE-2022-26763 CVE-2022-26757 CVE-2022-26745 CVE-2022-26726 CVE-2022-26719 CVE-2022-26717 CVE-2022-26716 CVE-2022-26714 CVE-2022-26711 CVE-2022-26710 CVE-2022-26709 CVE-2022-26706 CVE-2022-26702 CVE-2022-26700 CVE-2022-23308 CVE-2022-22675 Original Bulletin: https://support.apple.com/HT213253 Comment: CVSS (Max): 7.5* CVE-2022-23308 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-5 watchOS 8.6 watchOS 8.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213253. AppleAVD Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher AppleAVD Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher DriverKit Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher IOSurfaceAccelerator Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: Apple Watch Series 3 and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple Watch Series 3 and later Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Security Available for: Apple Watch Series 3 and later Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) TCC Available for: Apple Watch Series 3 and later Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Wi-Fi Available for: Apple Watch Series 3 and later Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6 FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1 TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9 i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2 MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI= =zdvf - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMp08kNZI30y1K9AQjm+g//c9KWpHYQ9TOBK68qHawu62tmw/MYx/gI Jg2cxJr/Y2fcjPSd7Mh2ePHmnbNjIzWVrOURc3sQ31repgrWp9fiWhqBBK+GFHtg gYgwx8pDrosvKO1LDZIxOMO9qi9hsnI0KT9SbHaSj1Iz3KqdCny8Cyta1qUkf6b0 QxVh6gi3JwzMNihqmY3UJK3Ag+xQcxEh+Uy71wCm+BS6wu+8IYpOShjsnGIVghNR 4LV/6tLTixH3hufhx4sLmJVanjPhuUYH+VRKoHIHYT1BXiACdgkFsaw5QgB5aI9F fcCqLRASYA1THctHJbDEmVTw8QjcG2ofQTkm9d34KsrH5nTvuI7a7NNkW+jplptK U5dNHHUlUnRgDwGgsBorCrCneiRiDCDvR+q9Bw70l+pTKTnCGUJ4IqPgL/2OJYe5 qE+xUX/wPsMySsuDYTN2PQZr/AUMDAa2AIAo9GhWE/4raUrSRyV9iVcRJ7z9JPy8 jccgtDz1eH5OKm6wgKsca+thEgywDbZmuhjQIQuAmk8mUyq7fIc7teyyfo8jx7J+ A1TAzZ5N3+gvOTuvKqq2XPvqx1iJYG8pB9ZBtqc2b2THLAghNNjPL6qnZCugUV63 0eENpCf3VsZxsNtZqohRN94gnJ3bhsPVFFmecltlAkMTZjEDSB8vX5TBdmi5VNx+ hNZyaObQbwo= =OSLV -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2409 - [Apple iOS] tvOS 15.5: CVSS (Max): 7.5*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2409 tvOS 15.5 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tvOS 15.5 Publisher: Apple Operating System: Apple iOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26771 CVE-2022-26768 CVE-2022-26766 CVE-2022-26765 CVE-2022-26764 CVE-2022-26763 CVE-2022-26757 CVE-2022-26745 CVE-2022-26740 CVE-2022-26739 CVE-2022-26738 CVE-2022-26737 CVE-2022-26736 CVE-2022-26724 CVE-2022-26719 CVE-2022-26717 CVE-2022-26716 CVE-2022-26714 CVE-2022-26711 CVE-2022-26710 CVE-2022-26709 CVE-2022-26706 CVE-2022-26702 CVE-2022-26701 CVE-2022-26700 CVE-2022-23308 CVE-2022-22675 Original Bulletin: https://support.apple.com/HT213254 Comment: CVSS (Max): 7.5* CVE-2022-23308 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-6 tvOS 15.5 tvOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213254. AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AuthKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A local user may be able to enable iCloud Photos without authentication Description: An authentication issue was addressed with improved state management. CVE-2022-26724: Jorge A. Caballero (@DataDrivenMD) AVEVideoEncoder Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher DriverKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher IOSurfaceAccelerator Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Security Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9 dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2 JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6 TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht 7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc= =G3ho - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMppckNZI30y1K9AQgB/Q//UVRtkZGXFfkORKbqMjbPaFx8KvseBLny coA4uYYE52nXuX9h0YlCpc/MseC1BVPd2ndOcvoYWmxLBrYsOjBncfIcBeQjRO2Q pEKFe4BSD/dlZTm5I8qA798bP3hlAoia/Z01ZjJujY08bP7iBKFpWPmuCG30YA0V +wtLYJ/CCObHMbK/QkiO4O84+Hd0SP4uFZcPdGOjMSZUj1iY6rRn9QbNHbRFAHeK Pc3oP5ZKVWDSCm+9c+vkRmEgz+DATh3nwtoj9jkGYxnQ5O2Tl1lcMDtaWVYdqNcs riUOUuu03ZFiCw0DZzsNdyKPJF0pS+fgn8a9sMs2SACZO2l4V5Eu2YByzMfU+I/Z Wsfg58fpGbB07qTmDmhf2aG2Gwab9TsirNrGh6tpjNY/cF24M7lZzP31EH0hZEt7 2X265Cz7VPctcWm6HTTAOVZTVWZ0eIMowC2Fq4ANoSvYbmrK5z70Ysa+YQdJVo3K VryijRSkxxPhj9SMGyVWF2JoOThLou0GWA99oFhx31Nil2c51bhIJ+fs6oNYB/Xg 10iBcmgIwuVPUFC1rTxKSQSGUcgnYfdnw99mk13wFAsxU5wk0Zl4YHy92sc0w7Jn pXqWnBpdc/ds5VC/OL0ueSM+axUoa6fyNTK+RK4GtUArcnQrm5agwQhMY7Ecg7SJ ITFg63CL8Yk= =Rwh6 -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2408 - [Mac] Safari 15.5: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2408 Safari 15.5 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Safari 15.5 Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26719 CVE-2022-26717 CVE-2022-26716 CVE-2022-26709 CVE-2022-26700 Original Bulletin: https://support.apple.com/HT213260 Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-7 Safari 15.5 Safari 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213260. WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Additional recognition WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Safari 15.5 may be obtained from the Mac App Store. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p rhjYBQ/+LNLAA17vZ+b2uQnKRb9rCwHHZQoSm0rjxXyzcUiZaeloZQ6KTsIidEdr JxuqDYjtV8OfSqsgz03z/iK3Ka4AEqM8GNvrX5LhZVqzXnY8K8XHnsi9Z/EfY6nf XfRGhPAw/9juxWzLA3ywIu8D9eql1zWEixk82awqNv1v4+Xym4Ff9rEmtSMdJ+9R i32E8erdN2GHcR9Dvn2ej/MA/M8YKT6Zxx2Uax4VDJstJdNctabwW1rNwr0Km1ut gD9PEWLb3UeKOcBt/2qWHpohWANixft8+p0SJAfU4uEldepi7dN2wHrkuLdGLOEs r54mTTbT8G98wYqcOizwfKTwrCb64hfrcgtB32UoSRGzl8wRfkSOdsXTmizow5BK YDu18P44K6oxe7X2PtMUEI22/TdJsp8xtgpjqX24GUjcuDb7ZN6zJ7RJijtlsraO 144GM1L9upX/A5LFBFlmXXTRJ1KTHz1PDw1+WXZTD5FWCPGh6uj0HtdXWOcaaNa5 uqi7lhc0JxezyKv2QL6/PY8s/811kWfLr1MtNL7nVEMyJX4o3s8yFF1k58KyEzhy +VrzGoHQF1y8dhhDGPUrv5fSaCxZ5da2ZDpwBxNZMHLh5sDddvUspGLUTKmQY66R FanqabJeytFLB3yfdMJEQ+qDf8N6KIkw1V3HJw4YJQnF8sleWfM= =Vm71 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMpdskNZI30y1K9AQiIsQ//R5iZwQUTIdahmymgmkV9wb+RRw0Na+98 LZ94Tue2VAApoUfblaMG2d/xXBv7LAWv5E6cAh0k4Bv1+VHDQ14UE3krfrpxBCQ3 t2/UCLxNrleVjxHaPnWIeuRsHQMpvS2nFea+Ob7JIwr849yjWvla5vUkKYQ2X1Ss QubzcNeC64nE5rs6QH2B3vZVpO8jXdrPIRRGglFysBTSUUe8zhZ6eZJc307q0HoH 4dMbRHckTNc1jF6VJBBZA4gAkWnxbRdw0TSwBXMWUv2vQ8Wwm3mVFsEwAhIkX6RQ qsJhKB1QaTar+ryFsB6vDPQjSp0tefsYegwcsbS5SrlePIknVVrerMwvdSBGeOR4 fIc7uzv+AhN539ETCJs05rPK68OC9pAOxP6+5l6a5dFBIS1wI+FqK2ARd/d+jURq xPzd31U0mf7io1gJEWOBhkTxuA+13rMjR+vQ2ml+lzXXMVnI3rkYQgoluleeT4tY x6scNC4ks29REHA2Wcf2cKX3Y+7S0asOtALB626uGgUhjVSE25BGkJDrhqlE99CD FFWviYuhRP9Uq18+CT8j6ZVr1Q8nb5rVf/ZaFUBXfnB5xKIEfdRwgsiMYauXvaZr rH20Sz/5GCwvhfcTIo/m+PAXcirlMaBs0LCO3GG1P9+UT1SThEXEqxkKUQQKg6Mt s1xBkfmya1g= =ddIk -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2407 - [Apple iOS] iOS 15.5 and iPadOS 15.5: CVSS (Max): 7.5*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2407 iOS 15.5 and iPadOS 15.5 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iOS 15.5 iPadOS 15.5 Publisher: Apple Operating System: Apple iOS Resolution: Patch/Upgrade CVE Names: CVE-2022-26771 CVE-2022-26768 CVE-2022-26766 CVE-2022-26765 CVE-2022-26764 CVE-2022-26763 CVE-2022-26762 CVE-2022-26760 CVE-2022-26757 CVE-2022-26751 CVE-2022-26745 CVE-2022-26744 CVE-2022-26740 CVE-2022-26739 CVE-2022-26738 CVE-2022-26737 CVE-2022-26736 CVE-2022-26731 CVE-2022-26719 CVE-2022-26717 CVE-2022-26716 CVE-2022-26714 CVE-2022-26711 CVE-2022-26710 CVE-2022-26709 CVE-2022-26706 CVE-2022-26703 CVE-2022-26702 CVE-2022-26701 CVE-2022-26700 CVE-2022-23308 CVE-2022-22677 CVE-2022-22673 CVE-2015-4142 Original Bulletin: https://support.apple.com/HT213258 Comment: CVSS (Max): 7.5* CVE-2022-23308 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 iOS 15.5 and iPadOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213258. AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher AppleGraphicsControl Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher DriverKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Notes Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a large input may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal Safari Private Browsing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) Shortcuts Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: An authorization issue was addressed with improved state management. CVE-2022-26703: Salman Syed (@slmnsd551) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2015-4142: Kostya Kortchinsky of Google Security Team Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. FaceTime We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Wi-Fi We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.5 and iPadOS 15.5". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6 xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/ XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8 YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj +1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc 1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2 mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk= =OMfW - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMpMckNZI30y1K9AQiiPw/+KY6N99dHAscVH8y98fNei8EDjfRaRXzD BqVYI/FtfRasZMMDfoFOZbOKvYsYuVMltOxIPH70BtGqEoxtorrTuV9aRkkAoc3G 0896mOsyhWogOecG5lRNep1dDq4Uuy5Jyl5Z+0E+XyPadR8mVqMNzxannaYuHBHq /qdrURmbDxRhJCni3UH35iXRM1di/4X99nddNoNESb3sXUxzmvGnGlYdkQd3kXh1 gEXQ3b2fenKFRa+VE0HPiq8DU5OqBNZJDf/1SAfdk/IN/ygVyubcWD1K+BFRfMQv a8L6kbc13hor8wzvjyrkF5hfCcS19XUdSNuX0IZShlQDJA/pbXDdV/rURn37A2X+ GczwxIQ50zUy0DfnrWgsB5qn9hXS0Jvx0gCS/9MluGq04+cFxYBjQzjM5KNysp03 p4vZrys93Ma35vs+kqxvITciIzV4u71v8GHc5njgIehEcEpaa7nTDwzKpYUizxX+ bHROF+0hN5rsJFgvHzdFMDxSkk6A2nHXwYUK2vn1wK9QC+B0FiriRrC9FQHX4NcC AI1L3oqQ5blhBHMwvHwxs7UrK39HpOHSi4uhwA9JpkN8UWsuvaqIffKPwsBydEKd NEZ8aL6ohpazs1IWn3MfZcT+UZU2OvCRijwPHTj3UQqo+g9UHKR2SRoVmtd12c3O uq5oeZCq+kQ= =WIAC -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2406 - [Debian] libxml2: CVSS (Max): 6.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2406 libxml2 security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libxml2 Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-29824 Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html Comment: CVSS (Max): 6.5 CVE-2022-29824 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3012-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany May 17, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : libxml2 Version : 2.9.4+dfsg1-2.2+deb9u7 CVE ID : CVE-2022-29824 Debian Bug : 1010526 Felix Wilhelm discovered that libxml2, the GNOME XML library, did not corre= ctly check for integer overflows or used wrong types for buffer sizes. This coul= d result in out-of-bounds writes or other memory errors when working on large= , multi-gigabyte buffers. For Debian 9 stretch, this problem has been fixed in version 2.9.4+dfsg1-2.2+deb9u7. We recommend that you upgrade your libxml2 packages. For the detailed security status of libxml2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libxml2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - --=-N8LLZvKyAFybTC8VQscH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit - -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKC2H5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTXfQ//ZI7nHp3TvoGvL2Y3uwZdFTrh8A+RC/BWF+5KFYF/csW5Q7sdI5MFjh3V piBebzCNnMA1NC3etN4Y2cXNa7tjHMn4P53MHh/MhW2x0Yb8Om3hd5D6y6gB3C1A mhu01vK+Kezo3Oi/T6zcAkDTtdx16TeDUH4hPF+KPKZ+fLa9Unm4whg08Iljdw0e uiXWrvdLyQkFxP4LbrM4/b055Gq9Oe2gXraTAT9eD/YyKYT5LwfX4lbUDkV9E3ww qMgsLLptMGTnT+lqFaArj5xCCDHWvtr+IJYG1fg+p/7hZoyAfaOvx75G7zCX68Uf TFT67entEVHw6u0yuTroX53CTPNfGbsJB57fIm2rFKCSxphig+JUINHnqwYMQl3D pmVLpYtr3yITDnfekRkfAoQ7kEInYIzL8JLAZsEevE+bBT5FNTm/et7lkmRGNK3B KHYFLRMsnpVsC0haZKEyl2HuOXJSj4kAFzxYd0bgkggvVLZ7TUcY/3HlgDjg5qve NeEvx3Vn74zZhlq0yE71/h+OLSkkZWmNrR5j0zblGPORGvlJs0/ZSoOm192wtlwp Cu4qWyIv0W4uwSr29QPNUk6J0+4u0cLoIUQ3AvgsQM9r8ammJso/keQ6zAnC8cls JhyfV7fF6hfuuCWeJAcPGBq/uJjJB5v/HSuluSfg4EkQnJJLs0M= =KFSz - -----END PGP SIGNATURE----- - --=-N8LLZvKyAFybTC8VQscH-- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMoz8kNZI30y1K9AQhHJg/+LHVmNfCk0ru8e+lwSk+rayvJM6rJH2ac rYyQP2XPPIlA5sy6bdiKpilZrPRVaiwTTlNY3FEJBpuHyQnD8NbufD74bCJAnEGD vgqWLM2VBH3k0S6lIAifas6bOyOb6Rqj3i0Nb7Z+0jOLIwsf/IT0qYh3+oX3W0Wl GGsnm5lGKfhaNhJpERvyumoGIB4ws+J6QXRFh2A+vH+F3ZSewYZrVOAKiRW+fDJ3 bgr1w093pZFv0OJSLQi8V9xwByL0CA46giy+UXYEJe9nTiuDcMpkyjFZpSmnzO2T q2nj47GTUNTBy7MR18qL4qBfDcydjduufEWHVbjg2BPl29lhmSpmGlyOrqwL55th jGseuBmYU4xsACoVmcaKFYPglCmFXEEWwLaov4bgPB73zimLMkcP3yK2N7Bm2cm9 tu5w73NkFyCqyHRwTTAvJg6i4EGwY8K6kC9odHIU+AlfGJAshp+2roZ7qdL3r7CZ TYap52xPSjq+cy0Xi3uzrR0kcEbu1aXvWqKniOsymFmqo1CGmBwgdQt7VqBcfjTi Qa25yI/g/wNlmXoZBkJVTMZ5yD2S1+Ne1/Kll/YolU5qY2HqlBK0dDBpf1kwOPgL 8f0hiGt+fy4DLnlAlQpPw4zi+vfgrc2opFR+myQY6V4SSZtbfZ0eibIHKZ4qF3Fk VqBy5IfulwM= =J4JU -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2405 - [Debian] vim: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2405 vim security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: vim Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-1621 CVE-2022-1619 CVE-2022-1616 CVE-2022-1154 CVE-2022-0572 CVE-2022-0443 CVE-2022-0413 CVE-2022-0351 CVE-2022-0261 Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html Comment: CVSS (Max): 9.8 CVE-2022-1154 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: [NVD], Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - --=-1fwaBvH2iX3bVgLfBba0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3011-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany May 16, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : vim Version : 2:8.0.0197-4+deb9u6 CVE ID : CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443= =20 CVE-2022-0572 CVE-2022-1154 CVE-2022-1616 CVE-2022-1619= =20 CVE-2022-1621 Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may = =20 lead to a denial-of-service (application crash) or other unspecified impact. For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u6. We recommend that you upgrade your vim packages. For the detailed security status of vim please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vim Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - --=-1fwaBvH2iX3bVgLfBba0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit - -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKCqRFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTJ5RAAmUFTD1Np2augCkR2T2EJttfN8zLJtdiPZlSuZpKxqX8U7yP78ATcxoLg 9XmnbVda5c+5NjAqCGpN8/VKpP06EtAAo6m80+cNNYA7G7ahxZ5+67y1o8EUjmfi t5SBDuwK0+J7/Yet/WMqVcFBvE0MFJVN0HGm4mF79cbP+mdRDanVU9uJt7u4rQ5F 7gKHxdnr+XCy9ocCKJ8UL207jfkf6uoPi9cgplo0mgXf/Yc6B88lbrdotHOkvEFG YW39PMnkjt2Fdqm3FiERXWdHsgAhYpItIm0T4kBQarOUvk2O3n3LNiKar3/0pded sVl+seysYyf5cnEw7yJIbX44MWTcfwBjV0OCdhfz2nUfwUywkW5rvVIYAb02xMr/ hxmJFPZ5M298SxVGwoE9HN5dvoPQToqQ2lvl3xdljVIkAE4665Xo+/cKsbqEW9Uk 6QzBW22qrQQOZ8MqXpnzyNrV5BpALvERECc2bEhwttTtGNrIZ+eLE/eLr5yx2cze lZFMKzAD69f4P0kx2Fl/ZkkT2sOyL+W2aos0bAXNCixFbCGaPg7ONNs8CKAoS6kY CHdR9M3O0wg8cHhJcovGZpcWjaK/HieruSKot1I1vuT2Px0JAxnYfxvX1h3V570f RG8rnwS4XNpXq+OP422AHFqsw6H73N4gKMjP4I8AyOJwMmF1vhU= =8cIJ - -----END PGP SIGNATURE----- - --=-1fwaBvH2iX3bVgLfBba0-- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMonskNZI30y1K9AQg1Pw//dW3tTONEJKOuZ7KQX+49xlSaYb5pNTmE L2r4oVZKrPJ4pJBhkjDYPwChVlYy3l/NPrVTqm4XdW4v/oV8Y+qt/SkamzK9XxRo hFEBhWkvGBoDO6GWZUrHax4c0xLLdPuBL2TIt2kK3shMYbHvPq72Jwy4QVT18X2o 8R8EzMN2zLfkpujBhiwTNUmIwqSZ7haoqo8/wQDKHN85ew5B/ADsQj907oYzNYSQ oNZAn2avgsIZC0svykqKmZk7RbckdQjgGO5EUtPDcqeQfPRoZAV+DLYM31i6SwLt RT56qSWqttiZgIwMot0HqU47zlNI7clFTfsYN3PviaGBUQco4N0wITGZq4Dk7pxC OpExC95A+DA66HGQvT6v3jv33vgf+Jp+g7UGNEiYXf515P/ozy48PS6hRsCBoSv3 hRiFnnkMWEi7OTw5d5cLoSkyH841vlfRWqwiNvbaHQ/o++RC5PYGPO5XAOjsHT/E m1NlXbyCIpRDfk0WIn+zXuCxcqTPzyTEldafH7rHR/kLvwzeO+F0kivuWZA6dPXz zkuYHPH90EVv5xlZTPlg/xMrJgIbU/P+K7yeMVe8i3a2aqs1v8GLG9Q8uEmaGTcU ym3Uq6GlazeQWaS5UdUXj126BZQP9MZJw0XGM3YLwyU16qyPPZKHv3vwxIe2x2so lztTYYPactM= =dcT7 -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2404 - [Debian] ffmpeg: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2404 ffmpeg security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ffmpeg Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00021.html Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - --kek6ohtacr4izfbx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3010-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Enrico Zini May 16, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : ffmpeg Version : 7:3.2.18-0+deb9u1 The ffmpeg project released the new version 3.2.18 with fixes for various issues found by the OSS-Fuzz project. For Debian 9 stretch, this release is packaged in version 7:3.2.18-0+deb9u1. We recommend that you upgrade your ffmpeg packages. For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - --kek6ohtacr4izfbx Content-Type: application/pgp-signature; name="signature.asc" - -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEJJAhGtA2CH5tHZqS0P9Jy+P0+2gFAmKCZTcACgkQ0P9Jy+P0 +2jvHBAApPruiVaqZXZsPo0THrL7HnxF5b34ddU00RsFdYooFTzQb0wNYst4IPXA znBU9jOlakjEtOtG7wpdozdT3QcPVHSzy9MvfMU66abvmEmctCjGfW8miYFvhYsP zjZhKq+qsJ28VaR9BFv/TgjPGn3YQhF2jw95lKDrYAKW+39RQHlXbdcQpDN1PS2W ODdIouG36sa7mJAa+bL2wm2y6oZbW3AEav5K0W+PmoF0oZ9mrCuDEU7y+HbvlDO7 /lJ8qB2lyGfnecr4r//sdffC8DBD9z42XRCcAkoPZ5NhSU1qwsxxp+17GLPSCdSD oFClMYjqOF9gM4fzpWaM8fJP/+1Rk+YmzTWFRr70SFjNWGcv9lj0iUugu0FN0gR7 GovA5HzRYLwc4crDEPxSVEvoEcTHsiK1MMh0Kc22Dp3jtyQhn7zeCKkBxrzPA31q bBQVSeSf7Zij15mRtmgq5TQDFRnF3h/E5/r2heMWL2kWGoVYMaHlkZPvj47/qmyA Ut53QyxZ2oT4tSkp6hkAcnSKJoiTSDDFo1E0nqlTgjWjrqx+tRhyGi/3Wu+z2pKx qSuq+G7JwZ83u9Dglgjk+DU0FFSJnvpFdZqIAGaWQPkvE3Ujz2bYZbCZidrinIvQ ODzx+Ekb5mmXyeJgKCc7XFm0K4MMH1roGjGlUis67wjNfSY4B+4= =Jykr - -----END PGP SIGNATURE----- - --kek6ohtacr4izfbx-- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMocckNZI30y1K9AQgxxw/9EhdrR5C8LZJhLAaYrcv0Amm6AJKCImf9 gK5f6n2nywAyJCJmggZudpQXEoB4+X/Q+QWz00hCC4COg25iYu3AedHL9OaYNi06 wv18g611m9NwoRsFuOYVuwxKXHwyHqYJEaajfD4FH0KTDUA4y+nJf/sgOWAYjIhH utBgzByakvRXyJbYVz9QQQiZ5EYhFVoPPJzTf4nWdYNnK6F0SLDLgIf7QU7ZDC0M HHfmu7kBIXh9WGLGhW2Ia8GaX8cCiH3f8tfOgxtQTEN+ZKvVeM7QGrCiv55Pojha +p0VMd9FMtHGqHcXDl4VwDSZBETD8ylZqq8jwCRUtoWgsW/85OI7JUU+Mf+6vEAj gjwKx+CTPdx0fMuRhKfEnrX/W6xfo/6BgW/njaqGeMz1PsH+36AFskv6eIky18CP EQdGsTfnoHfObV/SPUHnOue0ZKHJsaJrl7VQCk0M11d0MFAZF3zST+3L4uvNlu6X kOQyGhM03T5A1sJSZUjGbLz640NGTaY5YtWg2A+/YLxW67MufqW6+hVCsA/A9EMg tTW6ebC1Xq411KfOCUGo/1f7h7OABmHgli199GzCX4xrWrhl7KEfWqajRC9wtsSu 8AzfbS1nE2eTwBgvJjfAkVJC3IrUneUbTcRPzu34cBWcw00iCo3aKi0NvZ7EDkrn D6u6O8rqO0g= =lqQk -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2403 - [RedHat] pcs: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2403 pcs security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: pcs Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29970 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2253 Comment: CVSS (Max): 7.5 CVE-2022-29970 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: pcs security update Advisory ID: RHSA-2022:2253-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2253 Issue date: 2022-05-16 CVE Names: CVE-2022-29970 ===================================================================== 1. Summary: An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Resilient Storage EUS (v. 8.2) - ppc64le, s390x, x86_64 3. Description: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files 6. Package List: Red Hat Enterprise Linux High Availability EUS (v. 8.2): Source: pcs-0.10.4-6.el8_2.2.src.rpm aarch64: pcs-0.10.4-6.el8_2.2.aarch64.rpm pcs-snmp-0.10.4-6.el8_2.2.aarch64.rpm ppc64le: pcs-0.10.4-6.el8_2.2.ppc64le.rpm pcs-snmp-0.10.4-6.el8_2.2.ppc64le.rpm s390x: pcs-0.10.4-6.el8_2.2.s390x.rpm pcs-snmp-0.10.4-6.el8_2.2.s390x.rpm x86_64: pcs-0.10.4-6.el8_2.2.x86_64.rpm pcs-snmp-0.10.4-6.el8_2.2.x86_64.rpm Red Hat Enterprise Linux Resilient Storage EUS (v. 8.2): Source: pcs-0.10.4-6.el8_2.2.src.rpm ppc64le: pcs-0.10.4-6.el8_2.2.ppc64le.rpm pcs-snmp-0.10.4-6.el8_2.2.ppc64le.rpm s390x: pcs-0.10.4-6.el8_2.2.s390x.rpm pcs-snmp-0.10.4-6.el8_2.2.s390x.rpm x86_64: pcs-0.10.4-6.el8_2.2.x86_64.rpm pcs-snmp-0.10.4-6.el8_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-29970 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYoIk0NzjgjWX9erEAQjwcRAAmRJ0Da6lCXSanVaUGDQHoSaP4HYMMDH3 y4whOn/KXsGcsFSKSSxX4I3mV5Pq3e09UxlMCTNz6kglr1MmuU/dMhEdIfEJ8QIC nKKZFFWXoUzl7zGdne68vJz71opBTyJPmTLi/GUJ9R882nYn3ZuAQeCgeNfKHtah bDusEX+DkUkuJam5FjlOSQjOFbUP08MaQoIJvP8aXNGTcXyFR7MkCZnGNzMYdSDV RxJhFXtuKcFfe0x6UkNLF0gPtr4LjGVfeuKJeAYIlpvwlLfZXrM6VYzpgKz0A1/m 3pLUtQajtf1qJr7MTnlpwWyKh2xgC2jSzFs55k2gghTJhRgB3uwdGHJpowBGUdom reOCpNzpYCdyMv7m4YgAXAWUZfN/jtY8MGXqhQJYEL54msTkR3zkEP2MSw6eRbeL xX+DxLSVdC50ivWCOhcP533pmhH3TwdWlKVmiZaoDJx+763F/7FjmIO6oyukM2B2 N7Gz2COdK5CJyIrgRzee5Uk+Fdkklc4KCeDnl5tK89qKfXooI8Sp9PG1UpzNoNmR 0v9t3JjNxSr8UehjSV54BXckIHqQd5zfV5B7srqAiLOJrQ76aJwwBvOmfRRictB6 VVcax6IJU/LnkFOuqX3yo4U7ZNkq27iH8zfQHMePMQ+fDRZmpl4abRGD96FrSnkK ZyfjeJyYLTY= =05IH - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMoSckNZI30y1K9AQj9LxAAt/vbevc5dC1aRk2Bvc2BZ5Afom/kdNUA YqF9Dah6OgEg6YsbilpbmjMWzG6m8+FfYaW2LtoEGccKlZ3lWqZzriMMwyqq5Y0Q LhHksw2u2rKE50sDdp8GhOMVXJvXUFe/PDvVTvoVsQ2swlAVtbcEvUck3QMBqxpZ mxqg06rXUCXudjBWyIXhLj4fzyWAiDBVBOR94gZbKWhowzhyXb2TdqFYhafLbO68 S4ImuAoSn+XzN1e0AG6i/8FTXz+6IIVj0v3m+ZyaUvZe3YbB+aAH8Bsu0jUMvKam U7l7Ojl9WAngz85K4IHfmik1rwNUBv/UGF5y546qNcL8iaiDovm1H2Ohmo53pH4x KPAEcPEozNJsT8ubDA1ssPdhBR2WF1Dqw5HoFDsZ5p14TD0CiVU0f89cF05P3hE5 Uh5XsiZM+mkYvSoOBBZbsl9zo9/PbN87RjHb2NAKFVErYwc80MeHjIA7SD1n6rtn S7w+JiQmudt6fYV2K+JR9QOirNtQQ5i/OlN/NWVNMsTp6qk98ZnKot7ALNqsYJZu lNw0HOqFV32nh2i78xNGdSYtJNQmLgyd0LZ9vDD1fPtL/6jOEudBbbmfagOgexWQ y7g+Ac+X8wOGNDTts2vixsPnadcJUKGCoD96MwWRZhKx9AoW8v5s2GfG5FD6zSOv 3RRHF2EM14U= =gbUJ -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2402 - [RedHat] pcs: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2402 pcs security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: pcs Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29970 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2256 Comment: CVSS (Max): 7.5 CVE-2022-29970 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: pcs security update Advisory ID: RHSA-2022:2256-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2256 Issue date: 2022-05-16 CVE Names: CVE-2022-29970 ===================================================================== 1. Summary: An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Resilient Storage EUS (v.8.4) - ppc64le, s390x, x86_64 3. Description: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files 6. Package List: Red Hat Enterprise Linux High Availability EUS (v.8.4): Source: pcs-0.10.8-1.el8_4.1.src.rpm aarch64: pcs-0.10.8-1.el8_4.1.aarch64.rpm pcs-snmp-0.10.8-1.el8_4.1.aarch64.rpm ppc64le: pcs-0.10.8-1.el8_4.1.ppc64le.rpm pcs-snmp-0.10.8-1.el8_4.1.ppc64le.rpm s390x: pcs-0.10.8-1.el8_4.1.s390x.rpm pcs-snmp-0.10.8-1.el8_4.1.s390x.rpm x86_64: pcs-0.10.8-1.el8_4.1.x86_64.rpm pcs-snmp-0.10.8-1.el8_4.1.x86_64.rpm Red Hat Enterprise Linux Resilient Storage EUS (v.8.4): Source: pcs-0.10.8-1.el8_4.1.src.rpm ppc64le: pcs-0.10.8-1.el8_4.1.ppc64le.rpm pcs-snmp-0.10.8-1.el8_4.1.ppc64le.rpm s390x: pcs-0.10.8-1.el8_4.1.s390x.rpm pcs-snmp-0.10.8-1.el8_4.1.s390x.rpm x86_64: pcs-0.10.8-1.el8_4.1.x86_64.rpm pcs-snmp-0.10.8-1.el8_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-29970 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYoIkutzjgjWX9erEAQjBqw/9HxjA9v7EmuCyXKP8FmlmBHBPWvFby/9T alzejv6NpkzdIaugNgtCvS4eAyXnHLEaj+sFdVbf67AsoJxn4yGFuC6sqgEhkYBY k9jr1cFwT4upQzsCeOPmxb4AXy782nU1DZeGcSXg51m+sp7cBiZT7SevBu/C5mTy LB2cwU4AM6jbWq8SNLvuOEYFVd55sfd4WK5+MyC2LVN3E+fUaCoWDxhLNWWTG7Kk /z419VGlIeYg4akQH8JHPAQwCfLVTLh3oKNRvcvm1k4Ka7zWUDvLIx3pkV8MsYKl FoDrGCqGrguEIaQvpA3flBdFwhtdjOdGNUOx/r/iUDCuQgf6PquD9xATe3uP2C48 7olmWqf0X9ahhxMn6On42IrCSNjVxWpo/V6cpAc158jqq4PEKYgHkTnxIt+LWZVq T0KyBYoW80H3k3d5Mf6nILlingCAiLadVGKQKlSMvkD4gPqFDt1grkXGvXwuGOBL fMqZ+HwVsK1oKxyveprCqchtZlje2y4G2OKOQzFkAW10xFikAJoKgBR8HaJLRHDT atoOaJA5aEFxAg5ZZRbmZo8EgAmn8w4ARd0D/Dgva/StatUMOqZkTGjtH9W+jPw+ ur9/l7cgHrFLO9EaPD6Q3oaFNge1mN5jcReF17XIRyFIhEa9i71XXXFnTM+6KzQn ivxicxjlJoA= =FdKh - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMoHckNZI30y1K9AQijJA//aY9nA1OeRmoM5Qe2U0qDDrBmDBo4VI1q gSA7IBblSEsGMTElZcmQSl8JuhdfqAJN3vr7UmBVqeeZ/ZdAJOYxsRWWJgoWdHfU tWvIhO+763I9bWqgLuuQeMoQ7sxAokHe9lBmoiJFkzEjEvKBuFEa7Ebaoq++awvN 7lJMxSHi9pd+WKkjLNDfjjswfTrpEdRJrLIIdAqZxhSATm1nq7nsUD1EY6bHw1fN sLaJxIHEJuISV20X/PupmS9OxlzEtUHrV/56f0ceVXXeoCxYKj8DnNEImOyotZZp j5uUuYBRj0cL1QdMVBTXlC1flBjFwcGtnFJOFTFvQuqYaY7roTM6TRd/QqFKiBJw 4Ve0jNfdrwjukICIze2bxFjSxoofg4/dUgL3kvvR44kAQZmZdx3uAD098CBFLJAg qBE6iateEDMf2rssyQmg8SvgZlySSX8WDPjphOnSFM+g7r1nku/copjLXyfanD1M 5xu58GTgzlqa0ww0sp+3T9bs7O6tcDbZeuT5qwGV0aQNjhbavUBYIJp3j4g0HL5O 9n9dueeagywKf1oOyXtOxCEaluNT0cr5TlGM9KlJm/S8uw2Yzx0erhUhCvGxuVk3 77ZC5Dq46n3URX/Qitkcnd1RXh1bDNmzyu/fOvo3/B46bQUcHrXYmNcAqzCcD142 tNuUnItZZAs= =Obrh -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2401 - [RedHat] pcs: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2401 pcs security update 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: pcs Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29970 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2255 Comment: CVSS (Max): 7.5 CVE-2022-29970 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: pcs security update Advisory ID: RHSA-2022:2255-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2255 Issue date: 2022-05-16 CVE Names: CVE-2022-29970 ===================================================================== 1. Summary: An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files 6. Package List: Red Hat Enterprise Linux High Availability E4S (v. 8.1): Source: pcs-0.10.2-4.el8_1.2.src.rpm aarch64: pcs-0.10.2-4.el8_1.2.aarch64.rpm pcs-snmp-0.10.2-4.el8_1.2.aarch64.rpm ppc64le: pcs-0.10.2-4.el8_1.2.ppc64le.rpm pcs-snmp-0.10.2-4.el8_1.2.ppc64le.rpm s390x: pcs-0.10.2-4.el8_1.2.s390x.rpm pcs-snmp-0.10.2-4.el8_1.2.s390x.rpm x86_64: pcs-0.10.2-4.el8_1.2.x86_64.rpm pcs-snmp-0.10.2-4.el8_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-29970 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYoIkq9zjgjWX9erEAQhpWQ//Yl9PYERfBzpFagFRWvMLMcL6iAeTDES9 RLzRoWlFCI7voIufqBwX7OEB0BlY5I/BXYRe1r5eV+gggcFWOqrLJphNHcm0q/ZM HMCILH+b58nnMQ1EoHCEeHVwyxdC+D1z/BhUi1g5hbPvxPskL9sAyHhqMl+QYuR2 y1zCaLDF2Nuq7zmKNcmtZZjJbI9Q7lZn8FYOqfszmkE/W6zSf2+hWsels1rYb0Tt vPNZjxjQguy4Xu5IQkYZ0uHTwB1M2YGtXOlb4nnAt81jp+p3S08zCmEDnUvXwbRZ 32f7juWk/eNtCwrs4bZFtfS5DMfxROVvgTXzb+XpFKlvzAjJkltCmIoBfvS1rr+G xX0cs0tOSDAOUkvQF7daWlWA8b/PjwmX+N0sF36tMvI1edHeOzQUG6y9fHRCYg6C t1ZyySmbTIwOfE10cpeTYxPrCzXBfJ+DrkvXFHx8vChV+kHnuZqn7BR0ksAC1/Du sv0jWvhwOOnNSUDOEkAW+vKGLBe/vnkKfgENOkuP5QmsMlreOqNESGJYGcUUlOhS /7qWioGBeBvOyr2OlhuAvnRfiYIPyojPMWkRGXzxthmpjtkipwM5rja2kHAo628z TT9ZWb4ux9/3dSafmjt5JJoxWY+AX0R+6ILUrUONs35q2AHfeAYwBewv6BejQnly WU7rB/5QWDE= =s5Ee - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMn6skNZI30y1K9AQgplw//blA4SMHzmiHFHPOwki2t9nfTd+sJmEDE R7IjlF3laqOxAtDstm/PWIMeMbKYjDw60HpITR5Odl7KdUWjEfrI0g0insaUbE0f vZVvukbk34zAI08afMmpxG7irsNxosWFVZqMLZDuhEm+sJD7o3s4HhcHmtlfO0+Z 3Nrn3WEslTkSE5rtvU0uGeVDgZiY1rFQwQtT8ab0ZNJoED56VGfCpPK66A4KOS/W /cqofdo0ENU8Twr8ta9oyv/4A7AzePtAxjEu3zJtRVtzY6wXunjZJpKyy/hgwiCh V5H0OELwACv5Am8aGtGCleo/NKQrD0ImHecV6wsiAiniWLq1yLXuf5BmH83XjMw5 3E447VRyQIGmQaZ1qR3AGGKi4nWM9mztaw15H9DX/hEHDc43HnLHjTD/ZYBCBnoe XLuL5J57zju+rWjqB6Qu2YUFxswGGZwLXK6br+9VUy/PoIaBG2/z4YxtrWunAtWN BPuxzoXyJ7BXgXwgk7blw1tnrtXl7QEfucEnTAR0vOEUmuw21KBJh4cDc+k3itVH 33KXTbxrkPy51IouqwvKhJOn5HhxGiqiqzCpkeT8F3AjwFsUeqs/qU8RRD1db1IC Fb9eoZgXVTYK9zz3KtU3nOfBFnN0vOyDIKZMoSCgITKN5UOkAuv53v+DkxE+kBFd 693V3tDgcMw= =UyDP -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2400 - [Ubuntu] contained: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2400 USN-5311-2: containerd regression 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: containerd Publisher: Ubuntu Operating System: Ubuntu Resolution: Patch/Upgrade CVE Names: CVE-2022-23648 Original Bulletin: https://ubuntu.com/security/notices/USN-5311-2 Comment: CVSS (Max): 7.5 CVE-2022-23648 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5311-2: containerd regression 16 May 2022 USN-5311-1 fix was reverted by mistake in containerd. Releases o Ubuntu 21.10 o Ubuntu 20.04 LTS Packages o containerd - daemon to control runC Details USN-5311-1 released updates for containerd. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10 o containerd - 1.5.9-0ubuntu1~21.10.3 Ubuntu 20.04 o containerd - 1.5.9-0ubuntu1~20.04.4 In general, a standard system update will make all the necessary changes. References o CVE-2022-23648 Related notices o USN-5311-1 : containerd, golang-github-containerd-containerd-dev - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMnpckNZI30y1K9AQjfeA//U4tTge9lF5uIKbEiT7GqasUoBjjVxKwb rvfSr/7JbQlOxGdIiPObKwdOKHcaV15vtOkpz6YdgpYB9f9mQMK2dNnScVsBiyY5 jsB8Py1ebXbuFwoXkDhUfJPgV6WAOALIh5+vcknFLM8n4sW9C/m74a9DSXHPVgcL Bt4ss/8/FP3yT6F5DPYpSnHwA9lRfPkZTxKJCcsAm29L2Ohb69LFKmrtjK3ANDDw 6m3ujFZGqadXo7IxZzcyyK1M6puw/QF8q7cIlUdIIHmUD6r9YQIziJ3Jje2Efu4B FaSAPxkmqFnsftjFSX/sIZo/WGpLCba6ldbGbB/A2h4XwIqQvhAnLtPxem2k0elR q9RkPnLPZsXPFuQWQHf0XC7AwFh9BkaPH+NQoAXIpZZWyaMxhnRDwa5EoJV4lMfw JaxJ4S8Hbsc9BQi2VeijZssWG3t3wIHsCtw8LTejpbcotuP7b4BdbQ035lJmOzlW 4IauIDyWefrK1S9MR/rO6KwpOujQjIn8xmUoeMx+H5GSFMUMFooU70Q7PYOevPnO HjFxNL7P9PpvC7aBX7ofIlKZIPIMs6wK0zfhJwdTil65WxXVtjG2l5nS2aVuRNod 2vuoQzBtQVWkKcobNe8+xG5A6X4IfaZgYAeYZSNNO0FjciMIG116M4KeTUse8uxE R0s9v49CpsQ= =6F0L -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2399 - [Ubuntu] LibTIFF: CVSS (Max): 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2399 USN-5421-1: LibTIFF vulnerabilities 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: LibTIFF Publisher: Ubuntu Operating System: Ubuntu Resolution: Patch/Upgrade CVE Names: CVE-2022-0891 CVE-2022-0865 CVE-2022-0562 CVE-2022-0561 CVE-2020-35522 Original Bulletin: https://ubuntu.com/security/notices/USN-5421-1 Comment: CVSS (Max): 7.1 CVE-2022-0891 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5421-1: LibTIFF vulnerabilities 16 May 2022 Several security issues were fixed in LibTIFF. Releases o Ubuntu 21.10 o Ubuntu 20.04 LTS o Ubuntu 18.04 LTS o Ubuntu 16.04 ESM o Ubuntu 14.04 ESM Packages o tiff - Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. ( CVE-2020-35522 ) Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. ( CVE-2022-0561 , CVE-2022-0562 , CVE-2022-0891 ) It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. ( CVE-2022-0865 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10 o libtiff5 - 4.3.0-1ubuntu0.1 o libtiff-tools - 4.3.0-1ubuntu0.1 Ubuntu 20.04 o libtiff5 - 4.1.0+git191117-2ubuntu0.20.04.3 o libtiff-tools - 4.1.0+git191117-2ubuntu0.20.04.3 Ubuntu 18.04 o libtiff5 - 4.0.9-5ubuntu0.5 o libtiff-tools - 4.0.9-5ubuntu0.5 Ubuntu 16.04 o libtiff5 - 4.0.6-1ubuntu0.8+esm1 Available with UA Infra or UA Desktop o libtiff-tools - 4.0.6-1ubuntu0.8+esm1 Available with UA Infra or UA Desktop Ubuntu 14.04 o libtiff5 - 4.0.3-7ubuntu0.11+esm1 Available with UA Infra or UA Desktop o libtiff-tools - 4.0.3-7ubuntu0.11+esm1 Available with UA Infra or UA Desktop In general, a standard system update will make all the necessary changes. References o CVE-2022-0891 o CVE-2022-0562 o CVE-2022-0561 o CVE-2020-35522 o CVE-2022-0865 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMmvckNZI30y1K9AQjQYg//SLbcIbMf+ne1BPePrsD7xEKmSgxiHrrT gl0ZxjvZfTWE1MM4vrHo3tsDYCJpG9qLCb34omHNHEuJLGiPLqZJPue23c0wQYUe 6mz6EGYx58DgfBnbvPtMAOC9PE9HZXspcbh88uhOnUD+Wk2wNMhfpzQ9Y+/7Hqq7 bD9CzpR+BPD8X6/pZb0SGfjTFRMdQDpMi0YuWbsrYzzSO6dfN12XkUHyBXG2DCB/ ekxlWY7cLt0+JMVuX7ZBO54TQrTGjc3IyCKfGA9TCu/TnVbxWlRqVyyRtEopTCb0 2HsTBjJJNcay40Y0dmV90CJsHNPz/NV66HsT+Ug8MVOKgOpDZeIn3jvel8+hxkZu mVL/j0aMT5oLkm3otm21vYT0X8kQ9wrrsN2HzX+LqQB4WP+6TG8OWO/A1e1rWMIQ I7X96XB2ROLCJ6hi1g0d+vxFiZrgxILaZxAtsr9h6ALtAIMkBUpM3x3qKLQHk4EM o+DviymhwQ+idpCKKnnfChJC5XNS6AvFGvplpgodbJWWXIH77KL5kEv8L3Az0rys uGh9C7knjUT04OXFNE/c+eBUTtNMhplPE2p/ucCaWFg/r7A1iTVRf2gm516Opnxf 6Pr/jU8B3ZyK6A4UjvejLV48++9+1DEI+HQ+OAPfxlscdJsvsDhWbLoc4e+kq9K4 0YTmblPOgSI= =9Cij -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2398 - [Ubuntu] libxml2: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2398 USN-5422-1: libxml2 vulnerabilities 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libxml2 Publisher: Ubuntu Operating System: Ubuntu Resolution: Patch/Upgrade CVE Names: CVE-2022-29824 CVE-2022-23308 Original Bulletin: https://ubuntu.com/security/notices/USN-5422-1 Comment: CVSS (Max): 7.5 CVE-2022-23308 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5422-1: libxml2 vulnerabilities 16 May 2022 Several security issues were fixed in libxml2. Releases o Ubuntu 22.04 LTS o Ubuntu 21.10 o Ubuntu 20.04 LTS o Ubuntu 18.04 LTS o Ubuntu 16.04 ESM o Ubuntu 14.04 ESM Packages o libxml2 - GNOME XML library Details Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. ( CVE-2022-23308 ) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. ( CVE-2022-29824 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 o libxml2 - 2.9.13+dfsg-1ubuntu0.1 o libxml2-utils - 2.9.13+dfsg-1ubuntu0.1 Ubuntu 21.10 o libxml2 - 2.9.12+dfsg-4ubuntu0.2 o libxml2-utils - 2.9.12+dfsg-4ubuntu0.2 Ubuntu 20.04 o libxml2-utils - 2.9.10+dfsg-5ubuntu0.20.04.3 o libxml2 - 2.9.10+dfsg-5ubuntu0.20.04.3 Ubuntu 18.04 o libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.6 o libxml2 - 2.9.4+dfsg1-6.1ubuntu1.6 Ubuntu 16.04 o libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm2 Available with UA Infra or UA Desktop o libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm2 Available with UA Infra or UA Desktop Ubuntu 14.04 o libxml2 - 2.9.1+dfsg1-3ubuntu4.13+esm3 Available with UA Infra or UA Desktop o libxml2-utils - 2.9.1+dfsg1-3ubuntu4.13+esm3 Available with UA Infra or UA Desktop In general, a standard system update will make all the necessary changes. References o CVE-2022-29824 o CVE-2022-23308 Related notices o USN-5324-1 : libxml2-dev, libxml2-utils, libxml2, python-libxml2, python3-libxml2, libxml2-doc - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoMmh8kNZI30y1K9AQgrcA//U/K0RT778xTGV4daK8N7n3ir+xA2mWh/ 6K7e1XaLXTdl2WaEw9SQtGoC3yZpE025E3MixX5K3zKHV5UViPgrLNlGIyvB2PZH JE8FysdSiMORdAhsnNXqQsvc1ItIFUbDbmvIEhFTrJOY0RZ4lTUquDLF5088PIwB xvhIE2S5QREUowkz6e6ieDMtEYAzk6Ku6GTAvaxKyP7HSjkm4GhGygptplQXQ6wr 9234vSsGfLe7uZJJogDmKwRWS3ICfxfCTPgKo9U4c7/+MbEbGfhtVdIs+ovP0fsQ KajMxbwFBhXV9lTuncir6KB7Y1okDtGSTaMjSiAfg5pZqMeoFHPoLF9yI6Ka1KtS LASxgiYFvUKeLxd2A/M9B2RGsmwfL97nop8t96pdsrifaK0xcz7jZVjos9CS4Y5H wByqWfOUdJqbml6FEgdKcuIz64GmXOhG4g4T8peS1P4PKWV0eakNesUEs7rw6Xki Z7PxRsp/YTVR+CFVG/JuvQzUDJzyl+20FUFaCZiTWBAfZ099XYVcrzy718bSkkbI Vx7iUX3aFrgg8bafEbR9T3iaWw/FRK8qpB5s14UIfD1osVy29qw5roHyUYlh+qT6 9hbr6L1zTdnC+bKHuHVF/hvwqEkOfYShxBWfkoHw6vSX8X86j+/oxllYy2MljARM cZDhZJs92BQ= =PeWR -----END PGP SIGNATURE-----
2022. május 17.

ESB-2022.2397 - [SUSE] webkit2gtk3: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2397 Security update for webkit2gtk3 17 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: webkit2gtk3 Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2022-22637 CVE-2022-22629 CVE-2022-22628 CVE-2022-22624 CVE-2022-22594 Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221677-1 Comment: CVSS (Max): 8.8 CVE-2022-22629 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1677-1 Rating: important References: #1196133 #1198290 Cross-References: CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): o CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. o CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. o CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. o CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): o CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1677=1 o SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1677=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1677=1 o SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1677=1 o SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1677=1 o SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1677=1 o SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1677=1 o SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1677=1 o SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1677=1 o SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1677=1 o SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1677=1 o SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1677=1 o HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1677=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 webkit2gtk3-devel-2.36.0-2.96.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 webkit2gtk3-devel-2.36.0-2.96.1 o HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.36.0-2.96.1 o HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-2.96.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-2.96.1 libwebkit2gtk-4_0-37-2.36.0-2.96.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-2.96.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2-4_0-2.36.0-2.96.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-2.36.0-2.96.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-2.96.1 webkit2gtk3-debugsource-2.36.0-2.96.1 References: o https://www.suse.com/security/cve/CVE-2022-22594.html o https://www.suse.com/security/cve/CVE-2022-22624.html o https://www.suse.com/security/cve/CVE-2022-22628.html o https://www.suse.com/security/cve/CVE-2022-22629.html o https://www.suse.com/security/cve/CVE-2022-22637.html o https://bugzilla.suse.com/1196133 o https://bugzilla.suse.com/1198290 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYoL2WckNZI30y1K9AQhTxQ//W3nBbdfU35iMa1//UrY6yfVRTkd65P3l gSIrD6pFiWFeqd0SaZDXEUC2GMkjOWxz24FMohPG5nzW1lnuufU2CAuz5VINyAZe b2r6NZIpaOyRrgz0wttwIl+u8FYPQf1jThQi6Tw51M7c79WA5+is32nmxFGzWe1A NdWNpA28VFZQTCF+rMnVtCD5UaQcy48MU+dAwGMZmsG8oxoN0dl10bB5DhDVxvOf /y1H8eirtumjRU4ehILxHhDSTc/jvXjelNwfHLKUDo22nHNjHt/9mnOqC16WkfqM j5fP15tt3Mdk7BLfBZoN48VXW+wvKqoEKKZ6nM3XO8DAWH+rGovlKR1FbjyxWxmg fXfB1fe8LBg56hZ0zZJTfmYJpUcFvSJw/ykpaeTdkrDmpGf/jlwK3Tv2hxztSyq+ e316j7EGUSymDH85eWmNDL7rLubrELFEwngH7D864TkehZSY2IsmOtWEQM4rx41P 5l/qXmm114aXrbsblobwTSLX8hIkGFbecHeHqYHMbCuxYatGuim9uqnFeOYguhUl WlcW9A+JjWRSNrOmT+bV2ud9R4j+kmrGZk/1HrxdIEXo9UDYFBoAZe3x2o5A77Uv 7ysQQIWkIC9UESh++k8Uh1czh6rnRjE3N4mkLJopaiQQr9DwJqDwM4rWfi9thSaS N6S1AZUc7i4= =00aO -----END PGP SIGNATURE-----