AusCERT - Security Bulletins

Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Updated: 2 hours 20 minutes ago
ESB-2022.2510 - [Linux] IBM Cloud Private: CVSS (Max): 9.1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2510
Security Bulletin: IBM Cloud Private is vulnerable to
server-side request forgery due to Python (CVE-2021-29921)
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Cloud Private
Publisher: IBM
Operating System: Linux variants
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29921
Original Bulletin:
https://www.ibm.com/support/pages/node/6588167
Comment: CVSS (Max): 9.1 CVE-2021-29921 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
--------------------------BEGIN INCLUDED TEXT--------------------
IBM Cloud Private is vulnerable to server-side request forgery due to Python
(CVE-2021-29921)
Document Information
Document number : 6588167
Modified date : 20 May 2022
Product : IBM Cloud Private
Component : NA
Software version : All
Operating system(s): Linux
Edition : NA
Summary
There is a vulnerability in the open source Python used by IBM Cloud Private for
scripting. The vulnerability could be exploited by an attacker to conduct SSRF
or local file include attacks. This bulletin identifies the security fixes to
apply to address the Python vulnerability (CVE-2021-29921).
Vulnerability Details
CVEID: CVE-2021-29921
DESCRIPTION: Python is vulnerable to server-side request forgery, caused by
improper input validation of octal strings in the stdlib ipaddress. By
submitting a specially-crafted IP address to a web application, an attacker
could exploit this vulnerability to conduct SSRF or local file include attacks.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
201083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
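Added here as an illustration (not code from IBM, AusCERT or the Python project): a strict IPv4 literal check of the kind an SSRF allow-list needs, together with a helper that shows how a leading-zero octet reads under a lenient decimal parse versus a C-style octal parse, which is the ambiguity behind CVE-2021-29921. The function and constant names are this example's own.

```python
"""Strict IPv4 literal handling around CVE-2021-29921 (Python ipaddress).

Added illustration for this bulletin; not code from IBM, AusCERT or the
Python project. Vulnerable ipaddress releases accepted dotted-quad octets
with leading zeros ("0127.0.0.1") and read them as decimal, while C-style
parsers such as inet_aton read a leading zero as octal. A URL filter that
trusts the lenient parse can pass a literal that the component actually
making the connection resolves to a different, internal address.
"""
import ipaddress
import re

# One to three digits per octet, no leading zero unless the octet is exactly "0".
_OCTET = r"(?:0|[1-9][0-9]{0,2})"
_STRICT_IPV4 = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")


def interpretations(text):
    """Return (lenient_decimal_view, c_style_octal_view) for a dotted quad,
    each an IPv4Address or None. Illustrates the ambiguity behind the CVE."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None, None

    def view(c_style):
        octets = []
        for p in parts:
            # C-style parsers treat a leading zero on a multi-digit octet as octal.
            base = 8 if c_style and len(p) > 1 and p[0] == "0" else 10
            try:
                value = int(p, base)
            except ValueError:          # "09" is not a valid octal octet
                return None
            if value > 255:
                return None
            octets.append(value)
        return ipaddress.IPv4Address(".".join(map(str, octets)))

    return view(False), view(True)


def is_strict_literal(text):
    """True only for canonical dotted quads: four octets, decimal digits,
    no leading zeros, every octet in 0..255."""
    if not _STRICT_IPV4.fullmatch(text):
        return False
    try:
        ipaddress.IPv4Address(text)     # enforces the 0..255 range
    except ValueError:
        return False
    return True


def strict_ipv4(text):
    """Parse a dotted quad, refusing anything a second parser might read
    differently (leading zeros, "127.1" shorthand, hex octets, extra parts)."""
    if not is_strict_literal(text):
        raise ValueError(f"ambiguous or malformed IPv4 literal: {text!r}")
    return ipaddress.IPv4Address(text)


def is_allowed_egress(text):
    """SSRF guard for an outbound-fetch feature: the target must parse
    strictly AND be globally routable, so loopback, RFC 1918, link-local
    and shared address space are refused whatever spelling is used."""
    try:
        addr = strict_ipv4(text)
    except ValueError:
        return False
    return addr.is_global


def interpreter_accepts_leading_zeros():
    """True when this interpreter's ipaddress module still shows the lenient
    behaviour that was fixed for CVE-2021-29921."""
    try:
        ipaddress.IPv4Address("010.0.0.1")
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for literal in ("0127.0.0.1", "010.0.0.1", "127.0.0.1", "8.8.8.8"):
        dec, octal = interpretations(literal)
        print(f"{literal:>12}: decimal={dec} octal={octal} "
              f"strict={is_strict_literal(literal)} "
              f"egress_ok={is_allowed_egress(literal)}")
    print("ipaddress lenient to leading zeros:", interpreter_accepts_leading_zeros())
```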
Affected Products and Versions
+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|IBM Cloud Private   |3.1.0     |
+--------------------+----------+
|IBM Cloud Private   |3.1.1     |
+--------------------+----------+
|IBM Cloud Private   |3.1.2     |
+--------------------+----------+
|IBM Cloud Private   |3.2.0     |
+--------------------+----------+
|IBM Cloud Private   |3.2.1 CD  |
+--------------------+----------+
|IBM Cloud Private   |3.2.2 CD  |
+--------------------+----------+
Remediation/Fixes
Product defect fixes and security updates are only available for the two most
recent Continuous Delivery (CD) update packages
o IBM Cloud Private 3.2.1
o IBM Cloud Private 3.2.2
For IBM Cloud Private 3.2.1, apply fix pack:
o IBM Cloud Private 3.2.1.2203
For IBM Cloud Private 3.2.2, apply fix pack:
o IBM Cloud Private 3.2.2.2203
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0
o Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud
Private 3.2.2.
o If required, individual product fixes can be made available between CD
update packages for resolution of problems. Contact IBM support for
assistance
Workarounds and Mitigations
None
Change History
22 Apr 2022: Initial Publication
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2509.3 - UPDATE [HPE NonStop] UPDATE IBM MQ for HP NonStop Server: CVSS (Max): 7.5
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2509.3
Security Bulletin: IBM MQ for HPE NonStop Server is affected
by OpenSSL vulnerability CVE-2022-0778
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM MQ for HP NonStop Server
Publisher: IBM
Operating System: HPE NonStop
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0778
Original Bulletin:
https://www.ibm.com/support/pages/node/6588819
Comment: CVSS (Max): 7.5 CVE-2022-0778 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Revision History: May 23 2022: Fixed the CVSS Max score
May 23 2022: Fixed OS format
May 23 2022: Initial Release
--------------------------BEGIN INCLUDED TEXT--------------------
IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability
CVE-2022-0778
Document Information
Document number : 6588819
Modified date : 20 May 2022
Product : IBM MQ for HPE NonStop
Component : Server
Software version : 8.1
Operating system(s): HPE NonStop
Edition : 8.1.0.0,8.1.0.1
Summary
An issue was identified in OpenSSL when MQ is using it to parse certificates.
Vulnerability Details
CVEID: CVE-2022-0778
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in
the BN_mod_sqrt() function when parsing certificates. By using a
specially-crafted certificate with invalid explicit curve parameters, a remote
attacker could exploit this vulnerability to cause an infinite loop, resulting
in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
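Added example, not code from OpenSSL, IBM or AusCERT: a modular square root (Tonelli-Shanks) written with the termination guards whose absence is the class of defect described above. With a prime modulus it returns a root; with a composite modulus, which is what attacker-supplied explicit curve parameters can hand the parser, the bounded searches fail closed where an unbounded loop would spin forever. Function and constant names are this example's own.

```python
"""Modular square root (Tonelli-Shanks) with explicit termination guards.

Added illustration for this bulletin; not code from OpenSSL or IBM. The
OpenSSL advisory for CVE-2022-0778 describes BN_mod_sqrt() looping forever for
non-prime moduli. Tonelli-Shanks is only guaranteed to terminate when the
modulus p is prime and a is a quadratic residue. When a certificate carries
explicit curve parameters, p comes from the untrusted certificate, so every
search loop below is bounded and returns None instead of hanging the parser.
"""

MAX_NONRESIDUE_TRIES = 64   # for prime p, half of all candidates qualify


def mod_sqrt(a, p):
    """Return r with r*r % p == a, or None if no root is found within the
    guards (a is not a square, p is composite, or a loop bound was hit)."""
    if p < 2:
        return None
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    if pow(a, (p - 1) // 2, p) != 1:        # Euler's criterion: not a square
        return None
    if p % 4 == 3:                           # closed form, no search needed
        r = pow(a, (p + 1) // 4, p)
        return r if r * r % p == a else None

    # Write p - 1 = q * 2**s with q odd.
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1

    # Guard 1: bounded search for a quadratic non-residue z. For prime p one
    # turns up almost immediately; for composite p there may be no z at all
    # with z^((p-1)/2) == -1, so an unbounded "while" here never exits.
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
        if z > MAX_NONRESIDUE_TRIES:
            return None

    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        # Guard 2: the least i in (0, m) with t^(2^i) == 1 exists for prime p.
        # Reaching the bound m means p is not prime; bail out instead of looping.
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
            if i >= m:
                return None
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r if r * r % p == a else None


if __name__ == "__main__":
    # Prime moduli: roots come back and verify.
    for a, p in ((5, 41), (2, 17), (2, 23)):
        print(f"sqrt({a}) mod {p} = {mod_sqrt(a, p)}")
    # Composite modulus 21 with a = 8: Euler's criterion passes (8^10 = 1 mod 21)
    # but no non-residue exists, so the bounded search fails closed. Without
    # the bound, this call would never return.
    print("sqrt(8) mod 21 =", mod_sqrt(8, 21))
```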
Affected Products and Versions
+----------------------+----------+
|Affected Product(s)   |Version(s)|
+----------------------+----------+
|IBM MQ for HPE NonStop|8.1.0     |
+----------------------+----------+
Remediation/Fixes
+----------------------------------------+------------+-----------+----------------------------------------+
|Affected Product(s)                     |Version(s)  |APAR       |Remediation/Fix                         |
+----------------------------------------+------------+-----------+----------------------------------------+
|IBM MQ V8.1 for HPE NonStop             |8.1.0.10    |IT40196    |Upgrade to Fixpack 8.1.0.10             |
+----------------------------------------+------------+-----------+----------------------------------------+
Workarounds and Mitigations
None
Change History
17 May 2022: Initial Publication
--------------------------END INCLUDED TEXT--------------------
ESB-2022.2508 - [Appliance] F5 products: CVSS (Max): 8.8
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2508
K08832573: DHCP vulnerability CVE-2021-25217
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIG-IP (all modules)
BIG-IQ Centralized Management
F5OS
Publisher: F5 Networks
Operating System: Network Appliance
Resolution: Mitigation
CVE Names: CVE-2021-25217
Original Bulletin:
https://support.f5.com/csp/article/K08832573
Comment: CVSS (Max): 8.8 CVE-2021-25217 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: F5 Networks
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
--------------------------BEGIN INCLUDED TEXT--------------------
K08832573: DHCP vulnerability CVE-2021-25217
Original Publication Date: 21 May, 2022
Security Advisory Description
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16 and ISC DHCP 4.4.0 -> 4.4.2 (other branches
of ISC DHCP, i.e., releases in the 4.0.x series or lower and releases in the
4.3.x series, are beyond their End-of-Life (EOL) and no longer supported by
ISC; from inspection it is clear that the defect is also present in releases
from those series, but they have not been officially tested for the
vulnerability), the outcome of encountering the defect while reading a lease
that will trigger it varies, according to:
o the component being affected (i.e., dhclient or dhcpd)
o whether the package was built as a 32-bit or 64-bit binary
o whether the compiler flag -fstack-protection-strong was used when compiling
In dhclient, ISC has not successfully reproduced the error on a 64-bit system.
However, on a 32-bit system it is possible to cause dhclient to crash when
reading an improper lease, which could cause network connectivity problems for
an affected system due to the absence of a running DHCP client process.
In dhcpd, when run in DHCPv4 or DHCPv6 mode:
o if the dhcpd server binary was built for a 32-bit architecture AND the
-fstack-protection-strong flag was specified to the compiler, dhcpd may exit
while parsing a lease file containing an objectionable lease, resulting in
lack of service to clients. Additionally, the offending lease and the lease
immediately following it in the lease database may be improperly deleted.
o if the dhcpd server binary was built for a 64-bit architecture OR if the
-fstack-protection-strong compiler flag was NOT specified, the crash will not
occur, but it is possible for the offending lease and the lease which
immediately followed it to be improperly deleted.
(CVE-2021-25217)
Impact
A stack-based buffer can overflow when statements are parsed with
colon-separated hex digits in config or lease files in dhcpd and dhclient.
Security Advisory Status
F5 Product Development has assigned ID 1102881 (BIG-IP and BIG-IQ) and ID
1106925 (F5OS-A and F5OS-C) to this vulnerability. This issue has been
classified as CWE-119: Improper Restriction of Operations within the Bounds of
a Memory Buffer.
To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.
Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the Applies to (see versions) box of this
article have reached the End of Technical Support (EoTS) phase of their
lifecycle and are no longer evaluated for security issues. For more
information, refer to the Security hotfixes section of K4602: Overview of the
F5 security vulnerability response policy.
+------------+------+--------------+----------+----------+------+-------------+
| | |Versions known|Fixes | |CVSSv3|Vulnerable |
|Product |Branch|to be |introduced|Severity |score^|component or |
| | |vulnerable^1 |in | |2 |feature |
+------------+------+--------------+----------+----------+------+-------------+
| |17.x |17.0.0 |None | | | |
| +------+--------------+----------+ | | |
| |16.x |16.1.0 - |None | | | |
| | |16.1.2 | | | | |
| +------+--------------+----------+ | | |
|BIG-IP (all |15.x |15.1.0 - |None | | |dhcp/dhclient|
|modules) | |15.1.5 | |High |8.8 |DHCP Relay |
| +------+--------------+----------+ | |Agent |
| |14.x |14.1.0 - |None | | | |
| | |14.1.4 | | | | |
| +------+--------------+----------+ | | |
| |13.x |13.1.0 - |None | | | |
| | |13.1.5 | | | | |
+------------+------+--------------+----------+----------+------+-------------+
|BIG-IQ |8.x |8.0.0 - 8.2.0 |None | | | |
|Centralized +------+--------------+----------+High |8.8 |dhcp/dhclient|
|Management |7.x |7.0.0 - 7.1.0 |None | | | |
+------------+------+--------------+----------+----------+------+-------------+
|F5OS-A |1.x |1.0.0 - 1.0.1 |None |High |8.8 |dhcp/dhclient|
+------------+------+--------------+----------+----------+------+-------------+
| | |1.3.0 - 1.3.2 | | | | |
|F5OS-C |1.x |1.2.0 - 1.2.2 |None |High |8.8 |dhcp/dhclient|
| | |1.1.0 - 1.1.4 | | | | |
+------------+------+--------------+----------+----------+------+-------------+
|Traffix SDC |5.x |None |Not |Not |None |None |
| | | |applicable|vulnerable| | |
+------------+------+--------------+----------+----------+------+-------------+
^1F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.
^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.
Recommended Actions
If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).
If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.
Mitigation
Use static Management IP address
To mitigate this vulnerability, you can use a static Management IP address. For
more information, refer to K15040: Configuring and displaying the management IP
address for the BIG-IP system and K41712190: Displaying the management IP
address for the BIG-IQ system.
Protect the Management interface with Network Controls
You should restrict management access to only trusted users and devices over a
secure network. For more information about securing access to BIG-IP or
BIG-IQ systems, refer to the following articles:
o K13092: Overview of securing access to the BIG-IP system
o K46122561: Restricting access to the management interface using network
firewall rules
o K92748202: Restricting access to the BIG-IQ management interface using
network firewall rules
o K69354049: Restricting access to the BIG-IP management interface for
Configuration Utility and iControl REST services using iptables
Note: For BIG-IQ 7.x, secure the management interface by using an external
packet filtering device such as the BIG-IP Advanced Firewall Manager (AFM).
Disable DHCP Relay Agent (BIG-IP only)
If you configure the BIG-IP system as a DHCP Relay Agent, you should disable
it. For more information about configuring the BIG-IP system as a DHCP Relay
Agent, refer to the Configuring the BIG-IP System as a DHCP Relay Agent chapter
of the BIG-IP Local Traffic Manager: Implementations guide.
Note: For information about how to locate F5 product manuals, refer to
K98133564: Tips for searching AskF5 and finding product documentation.
Supplemental Information
o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x - 17.x)
o K15106: Managing BIG-IQ product hotfixes
o K15113: BIG-IQ hotfix and point release matrix
o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
systems (11.4.x and later)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents
--------------------------END INCLUDED TEXT--------------------
ESB-2022.2507 - [Cisco] Cisco IOS XR Software: CVSS (Max): 6.5
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2507
Cisco IOS XR Software Health Check Open Port Vulnerability
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco IOS XR Software
Publisher: Cisco Systems
Operating System: Cisco
Resolution: Patch/Upgrade
CVE Names: CVE-2022-20821
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
Comment: CVSS (Max): 6.5 CVE-2022-20821 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Source: Cisco Systems
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
--------------------------BEGIN INCLUDED TEXT--------------------
Cisco IOS XR Software Health Check Open Port Vulnerability
Priority: Medium
Advisory ID: cisco-sa-iosxr-redis-ABJyE5xK
First Published: 2022 May 20 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCwb82689
CVE Names: CVE-2022-20821
CWEs: CWE-200
Summary
o A vulnerability in the health check RPM of Cisco IOS XR Software could
allow an unauthenticated, remote attacker to access the Redis instance that
is running within the NOSi container.
This vulnerability exists because the health check RPM opens TCP port 6379
by default upon activation. An attacker could exploit this vulnerability by
connecting to the Redis instance on the open port. A successful exploit
could allow the attacker to write to the Redis in-memory database, write
arbitrary files to the container filesystem, and retrieve information about
the Redis database. Given the configuration of the sandboxed container that
the Redis instance runs in, a remote attacker would be unable to execute
remote code or abuse the integrity of the Cisco IOS XR Software host
system.
Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco 8000 Series
Routers if they were running a vulnerable release of Cisco IOS XR Software
and had the health check RPM installed and active.
For information about which Cisco software releases were vulnerable at the
time of publication, see the Fixed Software section of this advisory. See
the Details section in the bug ID(s) at the top of this advisory for the
most complete and current information.
Determine the Device Configuration
To determine if the device is in a vulnerable state, issue the run docker
ps CLI command. If the output returns a docker container with the name
NOSi, as shown in the following example, the device is considered
vulnerable:
RP/0/RP0/CPU0:8000#run docker ps
Wed May 18 04:54:52.502 UTC
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
54307e434f29 nosi:latest "docker-entrypoint.s..." 9 seconds ago Up 8 seconds NOSi
RP/0/RP0/CPU0:8000#
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There are workarounds that address this vulnerability:
Option 1: This is the preferred method. Disable health check and explicitly
disable the use cases.
To effectively disable health check, enter the following commands exactly
as shown:
RP/0/RP0/CPU0:8000(config)#no healthcheck enable
RP/0/RP0/CPU0:8000(config)#healthcheck use-case asic-reset disable
RP/0/RP0/CPU0:8000(config)#healthcheck use-case packet-drop disable
RP/0/RP0/CPU0:8000(config)#commit
RP/0/RP0/CPU0:8000#
Then remove the health check RPM from the device:
RP/0/RP0/CPU0:8000#install package remove xr-healthcheck
Wed May 18 05:00:08.060 UTC
Install remove operation 5.2.2 has started
Install operation will continue in the background
RP/0/RP0/CPU0:8000#
RP/0/RP0/CPU0:8000#install apply restart
Wed May 18 05:01:08.842 UTC
Install apply operation 5.2 has started
Install operation will continue in the background
RP/0/RP0/CPU0:8000#
Option 2: Use an Infrastructure Access Control List (iACLs) to block port
6379.
To protect infrastructure devices and minimize the risk, impact, and
effectiveness of direct infrastructure attacks, administrators are advised
to deploy infrastructure access control lists (iACLs) to perform policy
enforcement of traffic sent to infrastructure equipment. Administrators can
construct an iACL by explicitly permitting only authorized traffic sent to
infrastructure devices in accordance with existing security policies and
configurations. For the maximum protection of infrastructure devices,
deployed iACLs should be applied in the ingress direction on all interfaces
to which an IP address has been configured. An iACL workaround cannot
provide complete protection against this vulnerability when the attack
originates from a trusted source address.
The iACL policy denies unauthorized Redis communications packets on TCP
port 6379 that are sent to affected devices. In the following example,
192.168.60.0/24 is the IP address space that is used by the affected
devices. Care should be taken to allow required traffic for routing and
administrative access before denying all unauthorized traffic. Whenever
possible, infrastructure address space should be distinct from the address
space used for user and services segments. Using this addressing
methodology will assist with the construction and deployment of iACLs.
ipv4 access-list Infrastructure-ACL-Policy
!
!-- The following vulnerability-specific access control entries
!-- (ACEs) can drop Redis Database communication packets
!
deny tcp any 192.168.60.0 0.0.0.255 eq 6379
!
!-- Explicit deny ACE for traffic sent to addresses configured
!-- within the infrastructure address space
!
deny ip any 192.168.60.0 0.0.0.255
!
!-- Permit or deny all other Layer 3 and Layer 4 traffic in
!-- accordance with existing security policies and configurations
!
!-- Apply iACL to interfaces in the ingress direction
!
interface GigabitEthernet0/0
ipv4 access-group Infrastructure-ACL-Policy in
For additional information about iACLs, see Protecting Your Core:
Infrastructure Protection Access Control Lists.
While these workarounds have been deployed and were proven successful in a
test environment, customers should determine the applicability and
effectiveness in their own environment and under their own use conditions.
Customers should be aware that any workaround or mitigation that is
implemented may negatively impact the functionality or performance of their
network based on intrinsic customer deployment scenarios and limitations.
Customers should not deploy any workarounds or mitigations before first
evaluating the applicability to their own environment and any impact to
such environment.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, the release information in the following
table(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.
+--------------------------------+--------------------+
|Cisco IOS XR Release            |First Fixed Release |
+--------------------------------+--------------------+
|7.2 and earlier                 |Not affected        |
|7.3.15, 7.3.16, 7.3.1, and 7.3.2|Not affected        |
|7.3.3                           |7.3.4 ^1            |
|7.4                             |Not affected        |
|7.5.1                           |Not affected        |
|7.5.2                           |Not affected        |
|7.6                             |Not affected        |
+--------------------------------+--------------------+
1. An SMU is also planned for 7.3.3.
The Cisco Product Security Incident Response Team (PSIRT) validates only
the affected and fixed release information that is documented in this
advisory.
Exploitation and Public Announcements
o In May 2022, the Cisco PSIRT became aware of attempted exploitation of this
vulnerability in the wild. Cisco strongly recommends that customers apply
suitable workaround or upgrade to a fixed software release to remediate
this vulnerability.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2022-MAY-20 |
+----------+---------------------------+----------+--------+--------------+
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.2506 - [SUSE] Linux Kernel: CVSS (Max): 7.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2506
Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5)
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1280
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221783-1
Comment: CVSS (Max): 7.0 CVE-2022-1280 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for
SLE 12 SP5)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1783-1
Rating: important
References: #1198590
Cross-References: CVE-2022-1280
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-122_106 fixes one issue.
The following security issue was fixed:
o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c. This flaw allowed a local attacker with user
privileges to cause a denial of service (DoS) or a kernel information leak
(bsc#1198590).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1787=1
SUSE-SLE-Module-Live-Patching-15-SP3-2022-1788=1
SUSE-SLE-Module-Live-Patching-15-SP3-2022-1789=1
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1781=1
SUSE-SLE-Module-Live-Patching-15-SP2-2022-1782=1
SUSE-SLE-Module-Live-Patching-15-SP2-2022-1783=1
SUSE-SLE-Module-Live-Patching-15-SP2-2022-1784=1
SUSE-SLE-Module-Live-Patching-15-SP2-2022-1786=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1775=1
SUSE-SLE-Live-Patching-12-SP5-2022-1776=1
SUSE-SLE-Live-Patching-12-SP5-2022-1777=1
SUSE-SLE-Live-Patching-12-SP5-2022-1778=1
SUSE-SLE-Live-Patching-12-SP5-2022-1779=1
SUSE-SLE-Live-Patching-12-SP5-2022-1780=1
SUSE-SLE-Live-Patching-12-SP5-2022-1785=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-59_19-default-13-150300.2.1
kernel-livepatch-5_3_18-59_19-default-debuginfo-13-150300.2.1
kernel-livepatch-5_3_18-59_37-default-9-150300.2.1
kernel-livepatch-5_3_18-59_37-default-debuginfo-9-150300.2.1
kernel-livepatch-5_3_18-59_40-default-9-150300.2.1
kernel-livepatch-SLE15-SP3_Update_10-debugsource-9-150300.2.1
kernel-livepatch-SLE15-SP3_Update_5-debugsource-13-150300.2.1
o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):
kernel-livepatch-5_3_18-59_40-default-debuginfo-9-150300.2.1
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-24_53_4-default-15-150200.2.1
kernel-livepatch-5_3_18-24_53_4-default-debuginfo-15-150200.2.1
kernel-livepatch-5_3_18-24_70-default-15-150200.2.1
kernel-livepatch-5_3_18-24_70-default-debuginfo-15-150200.2.1
kernel-livepatch-5_3_18-24_75-default-14-150200.2.1
kernel-livepatch-5_3_18-24_75-default-debuginfo-14-150200.2.1
kernel-livepatch-5_3_18-24_78-default-13-150200.2.1
kernel-livepatch-5_3_18-24_78-default-debuginfo-13-150200.2.1
kernel-livepatch-5_3_18-24_86-default-11-150200.2.1
kernel-livepatch-5_3_18-24_86-default-debuginfo-11-150200.2.1
kernel-livepatch-SLE15-SP2_Update_15-debugsource-15-150200.2.1
kernel-livepatch-SLE15-SP2_Update_16-debugsource-15-150200.2.1
kernel-livepatch-SLE15-SP2_Update_17-debugsource-14-150200.2.1
kernel-livepatch-SLE15-SP2_Update_18-debugsource-13-150200.2.1
kernel-livepatch-SLE15-SP2_Update_20-debugsource-11-150200.2.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_103-default-9-2.1
kgraft-patch-4_12_14-122_106-default-7-2.1
kgraft-patch-4_12_14-122_74-default-15-2.1
kgraft-patch-4_12_14-122_80-default-14-2.1
kgraft-patch-4_12_14-122_83-default-13-2.1
kgraft-patch-4_12_14-122_88-default-11-2.1
kgraft-patch-4_12_14-122_91-default-11-2.1
References:
o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://bugzilla.suse.com/1198590
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2505 - [SUSE] php7: CVSS (Max): None
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2505
Security update for php7
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php7
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221764-1
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1764-1
Rating: low
References: #1197644
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for php7 fixes the following issues:
o Fixed a filter_var bypass vulnerability (bsc#1197644).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1764=1
o SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1764=1
Package List:
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
php7-debuginfo-7.0.7-50.105.1
php7-debugsource-7.0.7-50.105.1
php7-devel-7.0.7-50.105.1
o SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x
x86_64):
apache2-mod_php7-7.0.7-50.105.1
apache2-mod_php7-debuginfo-7.0.7-50.105.1
php7-7.0.7-50.105.1
php7-bcmath-7.0.7-50.105.1
php7-bcmath-debuginfo-7.0.7-50.105.1
php7-bz2-7.0.7-50.105.1
php7-bz2-debuginfo-7.0.7-50.105.1
php7-calendar-7.0.7-50.105.1
php7-calendar-debuginfo-7.0.7-50.105.1
php7-ctype-7.0.7-50.105.1
php7-ctype-debuginfo-7.0.7-50.105.1
php7-curl-7.0.7-50.105.1
php7-curl-debuginfo-7.0.7-50.105.1
php7-dba-7.0.7-50.105.1
php7-dba-debuginfo-7.0.7-50.105.1
php7-debuginfo-7.0.7-50.105.1
php7-debugsource-7.0.7-50.105.1
php7-dom-7.0.7-50.105.1
php7-dom-debuginfo-7.0.7-50.105.1
php7-enchant-7.0.7-50.105.1
php7-enchant-debuginfo-7.0.7-50.105.1
php7-exif-7.0.7-50.105.1
php7-exif-debuginfo-7.0.7-50.105.1
php7-fastcgi-7.0.7-50.105.1
php7-fastcgi-debuginfo-7.0.7-50.105.1
php7-fileinfo-7.0.7-50.105.1
php7-fileinfo-debuginfo-7.0.7-50.105.1
php7-fpm-7.0.7-50.105.1
php7-fpm-debuginfo-7.0.7-50.105.1
php7-ftp-7.0.7-50.105.1
php7-ftp-debuginfo-7.0.7-50.105.1
php7-gd-7.0.7-50.105.1
php7-gd-debuginfo-7.0.7-50.105.1
php7-gettext-7.0.7-50.105.1
php7-gettext-debuginfo-7.0.7-50.105.1
php7-gmp-7.0.7-50.105.1
php7-gmp-debuginfo-7.0.7-50.105.1
php7-iconv-7.0.7-50.105.1
php7-iconv-debuginfo-7.0.7-50.105.1
php7-imap-7.0.7-50.105.1
php7-imap-debuginfo-7.0.7-50.105.1
php7-intl-7.0.7-50.105.1
php7-intl-debuginfo-7.0.7-50.105.1
php7-json-7.0.7-50.105.1
php7-json-debuginfo-7.0.7-50.105.1
php7-ldap-7.0.7-50.105.1
php7-ldap-debuginfo-7.0.7-50.105.1
php7-mbstring-7.0.7-50.105.1
php7-mbstring-debuginfo-7.0.7-50.105.1
php7-mcrypt-7.0.7-50.105.1
php7-mcrypt-debuginfo-7.0.7-50.105.1
php7-mysql-7.0.7-50.105.1
php7-mysql-debuginfo-7.0.7-50.105.1
php7-odbc-7.0.7-50.105.1
php7-odbc-debuginfo-7.0.7-50.105.1
php7-opcache-7.0.7-50.105.1
php7-opcache-debuginfo-7.0.7-50.105.1
php7-openssl-7.0.7-50.105.1
php7-openssl-debuginfo-7.0.7-50.105.1
php7-pcntl-7.0.7-50.105.1
php7-pcntl-debuginfo-7.0.7-50.105.1
php7-pdo-7.0.7-50.105.1
php7-pdo-debuginfo-7.0.7-50.105.1
php7-pgsql-7.0.7-50.105.1
php7-pgsql-debuginfo-7.0.7-50.105.1
php7-phar-7.0.7-50.105.1
php7-phar-debuginfo-7.0.7-50.105.1
php7-posix-7.0.7-50.105.1
php7-posix-debuginfo-7.0.7-50.105.1
php7-pspell-7.0.7-50.105.1
php7-pspell-debuginfo-7.0.7-50.105.1
php7-shmop-7.0.7-50.105.1
php7-shmop-debuginfo-7.0.7-50.105.1
php7-snmp-7.0.7-50.105.1
php7-snmp-debuginfo-7.0.7-50.105.1
php7-soap-7.0.7-50.105.1
php7-soap-debuginfo-7.0.7-50.105.1
php7-sockets-7.0.7-50.105.1
php7-sockets-debuginfo-7.0.7-50.105.1
php7-sqlite-7.0.7-50.105.1
php7-sqlite-debuginfo-7.0.7-50.105.1
php7-sysvmsg-7.0.7-50.105.1
php7-sysvmsg-debuginfo-7.0.7-50.105.1
php7-sysvsem-7.0.7-50.105.1
php7-sysvsem-debuginfo-7.0.7-50.105.1
php7-sysvshm-7.0.7-50.105.1
php7-sysvshm-debuginfo-7.0.7-50.105.1
php7-tokenizer-7.0.7-50.105.1
php7-tokenizer-debuginfo-7.0.7-50.105.1
php7-wddx-7.0.7-50.105.1
php7-wddx-debuginfo-7.0.7-50.105.1
php7-xmlreader-7.0.7-50.105.1
php7-xmlreader-debuginfo-7.0.7-50.105.1
php7-xmlrpc-7.0.7-50.105.1
php7-xmlrpc-debuginfo-7.0.7-50.105.1
php7-xmlwriter-7.0.7-50.105.1
php7-xmlwriter-debuginfo-7.0.7-50.105.1
php7-xsl-7.0.7-50.105.1
php7-xsl-debuginfo-7.0.7-50.105.1
php7-zip-7.0.7-50.105.1
php7-zip-debuginfo-7.0.7-50.105.1
php7-zlib-7.0.7-50.105.1
php7-zlib-debuginfo-7.0.7-50.105.1
o SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php7-pear-7.0.7-50.105.1
php7-pear-Archive_Tar-7.0.7-50.105.1
References:
o https://bugzilla.suse.com/1197644
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2504 - [SUSE] php7: CVSS (Max): None
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2504
Security update for php7
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php7
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221768-1
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1768-1
Rating: low
References: #1197644
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for php7 fixes the following issues:
o Fixed a filter_var bypass vulnerability (bsc#1197644).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1768=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1768=1
o SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1768=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1768=1
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
php7-firebird-7.4.6-150200.3.38.2
php7-firebird-debuginfo-7.4.6-150200.3.38.2
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.38.2
apache2-mod_php7-debuginfo-7.4.6-150200.3.38.2
php7-7.4.6-150200.3.38.2
php7-bcmath-7.4.6-150200.3.38.2
php7-bcmath-debuginfo-7.4.6-150200.3.38.2
php7-bz2-7.4.6-150200.3.38.2
php7-bz2-debuginfo-7.4.6-150200.3.38.2
php7-calendar-7.4.6-150200.3.38.2
php7-calendar-debuginfo-7.4.6-150200.3.38.2
php7-ctype-7.4.6-150200.3.38.2
php7-ctype-debuginfo-7.4.6-150200.3.38.2
php7-curl-7.4.6-150200.3.38.2
php7-curl-debuginfo-7.4.6-150200.3.38.2
php7-dba-7.4.6-150200.3.38.2
php7-dba-debuginfo-7.4.6-150200.3.38.2
php7-debuginfo-7.4.6-150200.3.38.2
php7-debugsource-7.4.6-150200.3.38.2
php7-devel-7.4.6-150200.3.38.2
php7-dom-7.4.6-150200.3.38.2
php7-dom-debuginfo-7.4.6-150200.3.38.2
php7-embed-7.4.6-150200.3.38.2
php7-embed-debuginfo-7.4.6-150200.3.38.2
php7-enchant-7.4.6-150200.3.38.2
php7-enchant-debuginfo-7.4.6-150200.3.38.2
php7-exif-7.4.6-150200.3.38.2
php7-exif-debuginfo-7.4.6-150200.3.38.2
php7-fastcgi-7.4.6-150200.3.38.2
php7-fastcgi-debuginfo-7.4.6-150200.3.38.2
php7-fileinfo-7.4.6-150200.3.38.2
php7-fileinfo-debuginfo-7.4.6-150200.3.38.2
php7-firebird-7.4.6-150200.3.38.2
php7-firebird-debuginfo-7.4.6-150200.3.38.2
php7-fpm-7.4.6-150200.3.38.2
php7-fpm-debuginfo-7.4.6-150200.3.38.2
php7-ftp-7.4.6-150200.3.38.2
php7-ftp-debuginfo-7.4.6-150200.3.38.2
php7-gd-7.4.6-150200.3.38.2
php7-gd-debuginfo-7.4.6-150200.3.38.2
php7-gettext-7.4.6-150200.3.38.2
php7-gettext-debuginfo-7.4.6-150200.3.38.2
php7-gmp-7.4.6-150200.3.38.2
php7-gmp-debuginfo-7.4.6-150200.3.38.2
php7-iconv-7.4.6-150200.3.38.2
php7-iconv-debuginfo-7.4.6-150200.3.38.2
php7-intl-7.4.6-150200.3.38.2
php7-intl-debuginfo-7.4.6-150200.3.38.2
php7-json-7.4.6-150200.3.38.2
php7-json-debuginfo-7.4.6-150200.3.38.2
php7-ldap-7.4.6-150200.3.38.2
php7-ldap-debuginfo-7.4.6-150200.3.38.2
php7-mbstring-7.4.6-150200.3.38.2
php7-mbstring-debuginfo-7.4.6-150200.3.38.2
php7-mysql-7.4.6-150200.3.38.2
php7-mysql-debuginfo-7.4.6-150200.3.38.2
php7-odbc-7.4.6-150200.3.38.2
php7-odbc-debuginfo-7.4.6-150200.3.38.2
php7-opcache-7.4.6-150200.3.38.2
php7-opcache-debuginfo-7.4.6-150200.3.38.2
php7-openssl-7.4.6-150200.3.38.2
php7-openssl-debuginfo-7.4.6-150200.3.38.2
php7-pcntl-7.4.6-150200.3.38.2
php7-pcntl-debuginfo-7.4.6-150200.3.38.2
php7-pdo-7.4.6-150200.3.38.2
php7-pdo-debuginfo-7.4.6-150200.3.38.2
php7-pgsql-7.4.6-150200.3.38.2
php7-pgsql-debuginfo-7.4.6-150200.3.38.2
php7-phar-7.4.6-150200.3.38.2
php7-phar-debuginfo-7.4.6-150200.3.38.2
php7-posix-7.4.6-150200.3.38.2
php7-posix-debuginfo-7.4.6-150200.3.38.2
php7-readline-7.4.6-150200.3.38.2
php7-readline-debuginfo-7.4.6-150200.3.38.2
php7-shmop-7.4.6-150200.3.38.2
php7-shmop-debuginfo-7.4.6-150200.3.38.2
php7-snmp-7.4.6-150200.3.38.2
php7-snmp-debuginfo-7.4.6-150200.3.38.2
php7-soap-7.4.6-150200.3.38.2
php7-soap-debuginfo-7.4.6-150200.3.38.2
php7-sockets-7.4.6-150200.3.38.2
php7-sockets-debuginfo-7.4.6-150200.3.38.2
php7-sodium-7.4.6-150200.3.38.2
php7-sodium-debuginfo-7.4.6-150200.3.38.2
php7-sqlite-7.4.6-150200.3.38.2
php7-sqlite-debuginfo-7.4.6-150200.3.38.2
php7-sysvmsg-7.4.6-150200.3.38.2
php7-sysvmsg-debuginfo-7.4.6-150200.3.38.2
php7-sysvsem-7.4.6-150200.3.38.2
php7-sysvsem-debuginfo-7.4.6-150200.3.38.2
php7-sysvshm-7.4.6-150200.3.38.2
php7-sysvshm-debuginfo-7.4.6-150200.3.38.2
php7-test-7.4.6-150200.3.38.2
php7-tidy-7.4.6-150200.3.38.2
php7-tidy-debuginfo-7.4.6-150200.3.38.2
php7-tokenizer-7.4.6-150200.3.38.2
php7-tokenizer-debuginfo-7.4.6-150200.3.38.2
php7-xmlreader-7.4.6-150200.3.38.2
php7-xmlreader-debuginfo-7.4.6-150200.3.38.2
php7-xmlrpc-7.4.6-150200.3.38.2
php7-xmlrpc-debuginfo-7.4.6-150200.3.38.2
php7-xmlwriter-7.4.6-150200.3.38.2
php7-xmlwriter-debuginfo-7.4.6-150200.3.38.2
php7-xsl-7.4.6-150200.3.38.2
php7-xsl-debuginfo-7.4.6-150200.3.38.2
php7-zip-7.4.6-150200.3.38.2
php7-zip-debuginfo-7.4.6-150200.3.38.2
php7-zlib-7.4.6-150200.3.38.2
php7-zlib-debuginfo-7.4.6-150200.3.38.2
o SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le
s390x x86_64):
apache2-mod_php7-7.4.6-150200.3.38.2
apache2-mod_php7-debuginfo-7.4.6-150200.3.38.2
php7-7.4.6-150200.3.38.2
php7-bcmath-7.4.6-150200.3.38.2
php7-bcmath-debuginfo-7.4.6-150200.3.38.2
php7-bz2-7.4.6-150200.3.38.2
php7-bz2-debuginfo-7.4.6-150200.3.38.2
php7-calendar-7.4.6-150200.3.38.2
php7-calendar-debuginfo-7.4.6-150200.3.38.2
php7-ctype-7.4.6-150200.3.38.2
php7-ctype-debuginfo-7.4.6-150200.3.38.2
php7-curl-7.4.6-150200.3.38.2
php7-curl-debuginfo-7.4.6-150200.3.38.2
php7-dba-7.4.6-150200.3.38.2
php7-dba-debuginfo-7.4.6-150200.3.38.2
php7-debuginfo-7.4.6-150200.3.38.2
php7-debugsource-7.4.6-150200.3.38.2
php7-devel-7.4.6-150200.3.38.2
php7-dom-7.4.6-150200.3.38.2
php7-dom-debuginfo-7.4.6-150200.3.38.2
php7-enchant-7.4.6-150200.3.38.2
php7-enchant-debuginfo-7.4.6-150200.3.38.2
php7-exif-7.4.6-150200.3.38.2
php7-exif-debuginfo-7.4.6-150200.3.38.2
php7-fastcgi-7.4.6-150200.3.38.2
php7-fastcgi-debuginfo-7.4.6-150200.3.38.2
php7-fileinfo-7.4.6-150200.3.38.2
php7-fileinfo-debuginfo-7.4.6-150200.3.38.2
php7-fpm-7.4.6-150200.3.38.2
php7-fpm-debuginfo-7.4.6-150200.3.38.2
php7-ftp-7.4.6-150200.3.38.2
php7-ftp-debuginfo-7.4.6-150200.3.38.2
php7-gd-7.4.6-150200.3.38.2
php7-gd-debuginfo-7.4.6-150200.3.38.2
php7-gettext-7.4.6-150200.3.38.2
php7-gettext-debuginfo-7.4.6-150200.3.38.2
php7-gmp-7.4.6-150200.3.38.2
php7-gmp-debuginfo-7.4.6-150200.3.38.2
php7-iconv-7.4.6-150200.3.38.2
php7-iconv-debuginfo-7.4.6-150200.3.38.2
php7-intl-7.4.6-150200.3.38.2
php7-intl-debuginfo-7.4.6-150200.3.38.2
php7-json-7.4.6-150200.3.38.2
php7-json-debuginfo-7.4.6-150200.3.38.2
php7-ldap-7.4.6-150200.3.38.2
php7-ldap-debuginfo-7.4.6-150200.3.38.2
php7-mbstring-7.4.6-150200.3.38.2
php7-mbstring-debuginfo-7.4.6-150200.3.38.2
php7-mysql-7.4.6-150200.3.38.2
php7-mysql-debuginfo-7.4.6-150200.3.38.2
php7-odbc-7.4.6-150200.3.38.2
php7-odbc-debuginfo-7.4.6-150200.3.38.2
php7-opcache-7.4.6-150200.3.38.2
php7-opcache-debuginfo-7.4.6-150200.3.38.2
php7-openssl-7.4.6-150200.3.38.2
php7-openssl-debuginfo-7.4.6-150200.3.38.2
php7-pcntl-7.4.6-150200.3.38.2
php7-pcntl-debuginfo-7.4.6-150200.3.38.2
php7-pdo-7.4.6-150200.3.38.2
php7-pdo-debuginfo-7.4.6-150200.3.38.2
php7-pgsql-7.4.6-150200.3.38.2
php7-pgsql-debuginfo-7.4.6-150200.3.38.2
php7-phar-7.4.6-150200.3.38.2
php7-phar-debuginfo-7.4.6-150200.3.38.2
php7-posix-7.4.6-150200.3.38.2
php7-posix-debuginfo-7.4.6-150200.3.38.2
php7-readline-7.4.6-150200.3.38.2
php7-readline-debuginfo-7.4.6-150200.3.38.2
php7-shmop-7.4.6-150200.3.38.2
php7-shmop-debuginfo-7.4.6-150200.3.38.2
php7-snmp-7.4.6-150200.3.38.2
php7-snmp-debuginfo-7.4.6-150200.3.38.2
php7-soap-7.4.6-150200.3.38.2
php7-soap-debuginfo-7.4.6-150200.3.38.2
php7-sockets-7.4.6-150200.3.38.2
php7-sockets-debuginfo-7.4.6-150200.3.38.2
php7-sodium-7.4.6-150200.3.38.2
php7-sodium-debuginfo-7.4.6-150200.3.38.2
php7-sqlite-7.4.6-150200.3.38.2
php7-sqlite-debuginfo-7.4.6-150200.3.38.2
php7-sysvmsg-7.4.6-150200.3.38.2
php7-sysvmsg-debuginfo-7.4.6-150200.3.38.2
php7-sysvsem-7.4.6-150200.3.38.2
php7-sysvsem-debuginfo-7.4.6-150200.3.38.2
php7-sysvshm-7.4.6-150200.3.38.2
php7-sysvshm-debuginfo-7.4.6-150200.3.38.2
php7-tidy-7.4.6-150200.3.38.2
php7-tidy-debuginfo-7.4.6-150200.3.38.2
php7-tokenizer-7.4.6-150200.3.38.2
php7-tokenizer-debuginfo-7.4.6-150200.3.38.2
php7-xmlreader-7.4.6-150200.3.38.2
php7-xmlreader-debuginfo-7.4.6-150200.3.38.2
php7-xmlrpc-7.4.6-150200.3.38.2
php7-xmlrpc-debuginfo-7.4.6-150200.3.38.2
php7-xmlwriter-7.4.6-150200.3.38.2
php7-xmlwriter-debuginfo-7.4.6-150200.3.38.2
php7-xsl-7.4.6-150200.3.38.2
php7-xsl-debuginfo-7.4.6-150200.3.38.2
php7-zip-7.4.6-150200.3.38.2
php7-zip-debuginfo-7.4.6-150200.3.38.2
php7-zlib-7.4.6-150200.3.38.2
php7-zlib-debuginfo-7.4.6-150200.3.38.2
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64
ppc64le s390x x86_64):
php7-debuginfo-7.4.6-150200.3.38.2
php7-debugsource-7.4.6-150200.3.38.2
php7-embed-7.4.6-150200.3.38.2
php7-embed-debuginfo-7.4.6-150200.3.38.2
References:
o https://bugzilla.suse.com/1197644
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.2503 - [SUSE] openldap2: CVSS (Max): 9.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2503
Security update for openldap2
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openldap2
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29155
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221771-1
Comment: CVSS (Max): 9.4 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for openldap2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1771-1
Rating: important
References: #1198383 #1199240
Cross-References: CVE-2022-29155
Affected Products:
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.
Description:
This update for openldap2 fixes the following issues:
o CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
o Fixed issue with SASL init that crashed slapd at startup under certain
conditions (bsc#1198383).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1771=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1771=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1771=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1771=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1771=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1771=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
libldap-2_4-2-2.4.41-22.10.1
libldap-2_4-2-32bit-2.4.41-22.10.1
libldap-2_4-2-debuginfo-2.4.41-22.10.1
libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
openldap2-2.4.41-22.10.1
openldap2-back-meta-2.4.41-22.10.1
openldap2-back-meta-debuginfo-2.4.41-22.10.1
openldap2-client-2.4.41-22.10.1
openldap2-client-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-ppolicy-check-password-1.2-22.10.1
openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
openldap2-doc-2.4.41-22.10.1
o SUSE OpenStack Cloud 9 (x86_64):
libldap-2_4-2-2.4.41-22.10.1
libldap-2_4-2-32bit-2.4.41-22.10.1
libldap-2_4-2-debuginfo-2.4.41-22.10.1
libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
openldap2-2.4.41-22.10.1
openldap2-back-meta-2.4.41-22.10.1
openldap2-back-meta-debuginfo-2.4.41-22.10.1
openldap2-client-2.4.41-22.10.1
openldap2-client-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-ppolicy-check-password-1.2-22.10.1
openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE OpenStack Cloud 9 (noarch):
openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
openldap2-back-perl-2.4.41-22.10.1
openldap2-back-perl-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-devel-2.4.41-22.10.1
openldap2-devel-static-2.4.41-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libldap-2_4-2-2.4.41-22.10.1
libldap-2_4-2-debuginfo-2.4.41-22.10.1
openldap2-2.4.41-22.10.1
openldap2-back-meta-2.4.41-22.10.1
openldap2-back-meta-debuginfo-2.4.41-22.10.1
openldap2-client-2.4.41-22.10.1
openldap2-client-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-ppolicy-check-password-1.2-22.10.1
openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libldap-2_4-2-32bit-2.4.41-22.10.1
libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.41-22.10.1
libldap-2_4-2-debuginfo-2.4.41-22.10.1
openldap2-2.4.41-22.10.1
openldap2-back-meta-2.4.41-22.10.1
openldap2-back-meta-debuginfo-2.4.41-22.10.1
openldap2-client-2.4.41-22.10.1
openldap2-client-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-ppolicy-check-password-1.2-22.10.1
openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libldap-2_4-2-32bit-2.4.41-22.10.1
libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libldap-2_4-2-2.4.41-22.10.1
libldap-2_4-2-debuginfo-2.4.41-22.10.1
openldap2-2.4.41-22.10.1
openldap2-back-meta-2.4.41-22.10.1
openldap2-back-meta-debuginfo-2.4.41-22.10.1
openldap2-client-2.4.41-22.10.1
openldap2-client-debuginfo-2.4.41-22.10.1
openldap2-debuginfo-2.4.41-22.10.1
openldap2-debugsource-2.4.41-22.10.1
openldap2-ppolicy-check-password-1.2-22.10.1
openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libldap-2_4-2-32bit-2.4.41-22.10.1
libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
openldap2-doc-2.4.41-22.10.1
References:
o https://www.suse.com/security/cve/CVE-2022-29155.html
o https://bugzilla.suse.com/1198383
o https://bugzilla.suse.com/1199240
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2502 - [SUSE] ImageMagick: CVSS (Max): 5.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2502
Security update for ImageMagick
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ImageMagick
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-28463
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20221762-1
Comment: CVSS (Max): 5.5 CVE-2022-28463 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1762-1
Rating: moderate
References: #1197147 #1199350
Cross-References: CVE-2022-28463
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.
Description:
This update for ImageMagick fixes the following issues:
Security issues fixed:
o CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
Bugfixes:
o Use png_get_eXIf_1 when available (bsc#1197147).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1762=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1762=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1762=1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1762=1
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.26.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
ImageMagick-devel-7.0.7.34-150200.10.26.1
ImageMagick-extra-7.0.7.34-150200.10.26.1
ImageMagick-extra-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
perl-PerlMagick-7.0.7.34-150200.10.26.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (noarch):
ImageMagick-doc-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (x86_64):
ImageMagick-devel-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
perl-PerlMagick-7.0.7.34-150200.10.26.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.26.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
ImageMagick-devel-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
References:
o https://www.suse.com/security/cve/CVE-2022-28463.html
o https://bugzilla.suse.com/1197147
o https://bugzilla.suse.com/1199350
- --------------------------END INCLUDED TEXT--------------------
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
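Both SUSE bulletins above (SUSE-SU-2022:1771-1 for openldap2 and SUSE-SU-2022:1762-1 for ImageMagick) end in a Package List naming the fixed build of every affected package. The following is an added example (not AusCERT's or SUSE's code) that parses those entries as printed and compares them against an installed-package inventory using rpm's own version ordering, so that a host can be checked without relying on a plain string comparison, which would rank release 22.9.1 above 22.10.1. The inventory, and the older release numbers in it, are constructed for the example; the function names are the example's own.

```python
"""Check installed packages against a SUSE bulletin Package List.

Added example for SUSE-SU-2022:1771-1 and SUSE-SU-2022:1762-1 above, not
AusCERT's or SUSE's code. Entries are parsed exactly as printed in the
Package List blocks; ordering follows rpm's rpmvercmp ('~' sorts before
everything, '^' after everything except end of string). The inventory is
constructed; a real one comes from
rpm -qa --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n'.
"""
from typing import Dict, List, Tuple

EVR = Tuple[str, str, str]  # (epoch, version, release)

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 with the same ordering as rpm's rpmvercmp()."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # punctuation separates segments and is skipped; '~' and '^' are significant
        while i < len(a) and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]  # "" once a string is exhausted
        if ca == "~" or cb == "~":  # pre-release: older than anything, even end of string
            if ca != "~" or cb != "~":
                return 1 if ca != "~" else -1
        elif ca == "^" or cb == "^":  # snapshot: newer than anything except end of string
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
        elif not ca or not cb:
            break
        else:  # take one all-digit or all-alpha segment from each side
            isnum = ca.isdigit()
            kind = str.isdigit if isnum else str.isalpha
            si, sj = i, j
            while i < len(a) and kind(a[i]):
                i += 1
            while j < len(b) and kind(b[j]):
                j += 1
            seg_a, seg_b = a[si:i], b[sj:j]
            if not seg_b:  # segment kinds differ: a numeric segment is newer
                return 1 if isnum else -1
            if isnum:
                seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
                if len(seg_a) != len(seg_b):  # more significant digits means larger
                    return 1 if len(seg_a) > len(seg_b) else -1
            if seg_a != seg_b:
                return 1 if seg_a > seg_b else -1
            continue
        i, j = i + 1, j + 1  # both sides had the same '~' or '^'; step past it
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def evr_cmp(x: EVR, y: EVR) -> int:
    """Compare (epoch, version, release) tuples in rpm order."""
    return next((r for r in map(rpmvercmp, x, y) if r), 0)

def parse_package_entry(entry: str) -> Tuple[str, EVR]:
    """Split a Package List line 'name-version-release' on its last two hyphens."""
    nv, _, release = entry.rpartition("-")
    name, _, version = nv.rpartition("-")
    if not (name and version and release):
        raise ValueError(f"not an rpm name-version-release: {entry!r}")
    return name, ("0", version, release)  # the lists omit the epoch; these packages have none

def parse_installed(evr: str) -> EVR:
    """Parse 'epoch:version-release' as printed by rpm --qf; a missing epoch means 0."""
    epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
    version, _, release = rest.rpartition("-")
    return epoch, version, release

def outdated(fixed_entries: List[str], installed: Dict[str, str]) -> List[str]:
    """Installed packages whose EVR is older than the bulletin's fixed build."""
    hits = []
    for entry in fixed_entries:
        name, fixed = parse_package_entry(entry)
        if name in installed and evr_cmp(parse_installed(installed[name]), fixed) < 0:
            hits.append(name)
    return hits

# Entries copied from the two Package List blocks above.
FIXED_PACKAGES = [
    "libldap-2_4-2-2.4.41-22.10.1",
    "openldap2-2.4.41-22.10.1",
    "openldap2-ppolicy-check-password-1.2-22.10.1",
    "ImageMagick-7.0.7.34-150200.10.26.1",
]
# Constructed inventory; the older release numbers are invented for the example.
INSTALLED = {
    "libldap-2_4-2": "0:2.4.41-22.10.1",
    "openldap2": "0:2.4.41-22.7.1",
    "ImageMagick": "0:7.0.7.34-150200.10.23.1",
}

if __name__ == "__main__":
    print("needs update:", outdated(FIXED_PACKAGES, INSTALLED))
```

The epoch is carried through because rpm compares it first; the SUSE lists print none for these packages, so the example assumes epoch 0 for the fixed builds, which is what rpm does for a package built without one.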
ESB-2022.2501 - [Debian] condor: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2501
condor security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: condor
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-26110 CVE-2019-18823
Original Bulletin:
https://lists.debian.org/debian-security-announce/2022/msg00112.html
Comment: CVSS (Max): 9.8 CVE-2019-18823 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5144-1 security@debian.org
https://www.debian.org/security/ Markus Koschany
May 22, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : condor
CVE ID : CVE-2019-18823 CVE-2022-26110
Debian Bug : 963777 1008634
Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.
For the oldstable distribution (buster), these problems have been fixed
in version 8.6.8~dfsg.1-2+deb10u1.
We recommend that you upgrade your condor packages.
For the detailed security status of condor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/condor
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
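The condor advisory above makes the impersonation impact conditional on CLAIMTOBE being among the READ or WRITE authentication methods the administrator has configured. The following is an added example (not HTCondor project code, and not part of the Debian or AusCERT bulletin) of an audit that parses a condor_config-style fragment and reports every access level whose effective method list accepts CLAIMTOBE, showing a weak fragment beside a corrected one. It assumes the HTCondor knob names SEC_<LEVEL>_AUTHENTICATION_METHODS and the documented fall-back from an unset level to SEC_DEFAULT_AUTHENTICATION_METHODS; both configuration fragments are constructed. Upgrading to the fixed package remains the remediation; the audit only finds the setting that turns the flaw into user impersonation.

```python
"""Flag HTCondor access levels that accept CLAIMTOBE authentication.

Added example for the condor advisory (DSA-5144-1) above; it is not
HTCondor project code and not part of the Debian or AusCERT bulletin.
Parses condor_config-style text (KEY = value lines, '#' comment lines,
$(MACRO) references) and reports each access level whose effective
method list contains CLAIMTOBE. Knob names SEC_<LEVEL>_AUTHENTICATION_METHODS
and the fall-back to SEC_DEFAULT_AUTHENTICATION_METHODS follow the HTCondor
manual; the two config fragments are constructed for this example.
"""
import re
from typing import Dict, List

ACCESS_LEVELS = ("READ", "WRITE", "ADMINISTRATOR", "DAEMON")
_MACRO = re.compile(r"\$\(([A-Za-z0-9_.]+)\)")


def parse_condor_config(text: str) -> Dict[str, str]:
    """Parse KEY = value lines; a later assignment overrides an earlier one."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().upper()] = value.strip()
    return cfg


def expand(cfg: Dict[str, str], value: str, depth: int = 0) -> str:
    """Expand $(NAME) references recursively; an undefined macro expands to ''."""
    if depth > 16:
        raise ValueError("macro expansion too deep (self-referential config?)")
    return _MACRO.sub(lambda m: expand(cfg, cfg.get(m.group(1).upper(), ""), depth + 1), value)


def methods_for(cfg: Dict[str, str], level: str) -> List[str]:
    """Effective method list for one access level: its own knob, else DEFAULT."""
    for key in (f"SEC_{level}_AUTHENTICATION_METHODS", "SEC_DEFAULT_AUTHENTICATION_METHODS"):
        if key in cfg:
            return [m.upper() for m in re.split(r"[,\s]+", expand(cfg, cfg[key])) if m]
    return []  # neither set: HTCondor's compiled-in default applies (not modelled here)


def claimtobe_levels(config_text: str) -> List[str]:
    """Access levels at which a client may authenticate with CLAIMTOBE."""
    cfg = parse_condor_config(config_text)
    return [lvl for lvl in ACCESS_LEVELS if "CLAIMTOBE" in methods_for(cfg, lvl)]


# Constructed weak configuration: READ and DAEMON inherit CLAIMTOBE from the
# DEFAULT list, and WRITE pulls it in through a macro reference.
WEAK_CONFIG = """
# condor_config fragment (constructed for this example)
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, CLAIMTOBE
SEC_WRITE_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), PASSWORD
SEC_ADMINISTRATOR_AUTHENTICATION_METHODS = PASSWORD
"""

# Same fragment with CLAIMTOBE removed from every reachable list.
HARDENED_CONFIG = """
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, TOKEN
SEC_WRITE_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), PASSWORD
SEC_ADMINISTRATOR_AUTHENTICATION_METHODS = PASSWORD
"""

if __name__ == "__main__":
    print("CLAIMTOBE accepted at:", claimtobe_levels(WEAK_CONFIG))
    print("after hardening:", claimtobe_levels(HARDENED_CONFIG))
```

The macro expansion matters in practice: a WRITE list that looks clean on its own line can still inherit CLAIMTOBE through $(SEC_DEFAULT_AUTHENTICATION_METHODS), which is why the audit resolves the effective list rather than grepping for the literal string.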
ESB-2022.2500 - [Debian] firefox-esr: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2500
firefox-esr security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: firefox-esr
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1802 CVE-2022-1529
Original Bulletin:
https://lists.debian.org/debian-security-announce/2022/msg00111.html
Comment: CVSS (Max): 7.5 CVE-2022-1802 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5143-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2022-1529 CVE-2022-1802
Manfred Paul discovered two security issues in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code.
For the oldstable distribution (buster), these problems have been fixed
in version 91.9.1esr-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 91.9.1esr-1~deb11u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2499 - [Debian] libxml2: CVSS (Max): 6.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2499
libxml2 security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libxml2
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29824
Original Bulletin:
https://lists.debian.org/debian-security-announce/2022/msg00110.html
Comment: CVSS (Max): 6.5 CVE-2022-29824 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5142-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : libxml2
CVE ID : CVE-2022-29824
Debian Bug : 1010526
Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don't check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.
For the oldstable distribution (buster), this problem has been fixed
in version 2.9.4+dfsg1-7+deb10u4.
For the stable distribution (bullseye), this problem has been fixed in
version 2.9.10+dfsg-6.7+deb11u2.
We recommend that you upgrade your libxml2 packages.
For the detailed security status of libxml2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libxml2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2498 - [Debian] libpgjava: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2498
libpgjava security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libpgjava
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-21724
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html
Comment: CVSS (Max): 9.8 CVE-2022-21724 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3018-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
May 20, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libpgjava
Version : 9.4.1212-1+deb9u1
CVE ID : CVE-2022-21724
It was found that libpgjava, the official PostgreSQL JDBC Driver, would be
vulnerable if an attacker controlled jdbc url or properties. The JDBC driver
did not verify if certain classes implemented the expected interface before
instantiating the class. This can lead to code execution loaded via arbitrary
classes.
For Debian 9 stretch, this problem has been fixed in version
9.4.1212-1+deb9u1.
We recommend that you upgrade your libpgjava packages.
For the detailed security status of libpgjava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpgjava
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2497 - [Debian] rsyslog: CVSS (Max): 8.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2497
rsyslog security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: rsyslog
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-24903 CVE-2018-16881
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
Comment: CVSS (Max): 8.1 CVE-2022-24903 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3016-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 20, 2022 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : rsyslog
Version : 8.24.0-1+deb9u2
CVE ID : CVE-2018-16881 CVE-2022-24903
Debian Bug : 1010619
Several vulnerabilities were discovered in rsyslog, a system and
kernel logging daemon. When a log server is configured to accept logs
from remote clients through specific modules such as 'imptcp', an
attacker can cause a denial of service (DoS) and possibly execute code
on the server.
CVE-2018-16881
A denial of service vulnerability was found in rsyslog
in the imptcp module. An attacker could send a specially crafted
message to the imptcp socket, which would cause rsyslog to crash.
CVE-2022-24903
Modules for TCP syslog reception have a potential heap buffer
overflow when octet-counted framing is used. This can result in a
segfault or some other malfunction.
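Octet-counted TCP syslog framing (RFC 6587, "MSG-LEN SP MSG") is the format CVE-2022-24903 concerns: the peer supplies the byte count, so a receiver must validate that count before it drives any buffer sizing or copy. The parser below is an added illustration written for this bulletin, not rsyslog's code; MAX_MSG_LEN, MAX_LEN_DIGITS and the sample streams are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hard cap on a single message, constructed for this example; rsyslog has
 * its own configurable limit and this is not its value. */
#define MAX_MSG_LEN 8192
/* 8192 needs 4 digits; allow one more and reject anything longer. */
#define MAX_LEN_DIGITS 5

enum frame_status {
    FRAME_OK = 0,      /* one complete message extracted */
    FRAME_INCOMPLETE,  /* keep buffering, the frame is not all here yet */
    FRAME_INVALID      /* malformed framing: close the connection */
};

/*
 * Parse one octet-counted frame, "MSG-LEN SP SYSLOG-MSG" (RFC 6587, 3.4.1),
 * from buf[0..buf_len). On FRAME_OK, *msg and *msg_len describe the
 * message inside buf and *consumed is the size of the whole frame.
 *
 * The declared length is checked against MAX_MSG_LEN before it is used
 * for anything. A receiver that trusts the peer-supplied count when
 * sizing or filling a heap buffer is exactly where an overflow occurs.
 */
enum frame_status parse_octet_counted(const char *buf, size_t buf_len,
                                      const char **msg, size_t *msg_len,
                                      size_t *consumed)
{
    size_t i = 0, declared = 0;

    while (i < buf_len && isdigit((unsigned char)buf[i])) {
        if (i >= MAX_LEN_DIGITS)
            return FRAME_INVALID;       /* prefix longer than any valid count */
        declared = declared * 10 + (size_t)(buf[i] - '0');
        i++;
    }
    if (i == 0)
        return buf_len == 0 ? FRAME_INCOMPLETE : FRAME_INVALID;
    if (i == buf_len)
        return FRAME_INCOMPLETE;        /* digits so far, separator not seen */
    if (buf[i] != ' ')
        return FRAME_INVALID;           /* not octet-counted (a real daemon
                                           might fall back to LF framing) */
    if (buf[0] == '0' || declared > MAX_MSG_LEN)
        return FRAME_INVALID;           /* zero, leading zero, or above cap */
    i++;                                /* step over the SP */

    if (buf_len - i < declared)
        return FRAME_INCOMPLETE;        /* wait for the rest of the message */

    *msg = buf + i;
    *msg_len = declared;
    *consumed = i + declared;
    return FRAME_OK;
}

/*
 * Walk a receive buffer that may hold several back-to-back frames.
 * Returns the number of complete messages, or -1 on invalid framing;
 * *leftover is how many trailing bytes belong to a partial frame and
 * must be kept for the next read.
 */
int count_frames(const char *buf, size_t buf_len, size_t *leftover)
{
    size_t off = 0;
    int n = 0;

    while (off < buf_len) {
        const char *m;
        size_t ml, used;
        enum frame_status st = parse_octet_counted(buf + off, buf_len - off,
                                                   &m, &ml, &used);
        if (st == FRAME_INVALID)
            return -1;
        if (st == FRAME_INCOMPLETE)
            break;
        off += used;
        n++;
    }
    *leftover = buf_len - off;
    return n;
}

int main(void)
{
    /* Constructed stream: two complete frames and the start of a third. */
    const char stream[] = "5 abcde3 xyz2 a";
    const char *m;
    size_t ml, used, left;
    int n = count_frames(stream, sizeof stream - 1, &left);
    printf("complete frames: %d, bytes carried over: %zu\n", n, left);

    /* Constructed oversized count: rejected before any allocation happens. */
    printf("oversized count -> %s\n",
           parse_octet_counted("99999999 x", 10, &m, &ml, &used) == FRAME_INVALID
               ? "rejected" : "accepted");
    return 0;
}
```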
For Debian 9 stretch, these problems have been fixed in version
8.24.0-1+deb9u2.
We recommend that you upgrade your rsyslog packages.
For the detailed security status of rsyslog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rsyslog
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2496 - [Debian] ark: CVSS (Max): 3.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2496
ark security update
23 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ark
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2020-24654 CVE-2020-16116
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html
Comment: CVSS (Max): 3.3 CVE-2020-24654 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3015-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
May 20, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ark
Version : 4:16.08.3-2+deb9u1
CVE ID : CVE-2020-16116 CVE-2020-24654
Debian Bug : 969437
Fabian Vogt and Dominik Penner discovered that the Ark archive manager did not
sanitize extraction paths, which could result in maliciously crafted archives
with symlinks writing outside the extraction directory.
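The Ark issue is the classic extractor failure: an archive first plants a symlink inside the extraction directory, then a later entry is written "through" it to a location outside. The check below, an added example for this bulletin and not Ark's code, resolves the parent directory of each entry with realpath() before the write and refuses anything that does not land under the resolved root; run_demo() builds a constructed scratch tree (root, a subdirectory, and a symlink pointing outside) to exercise it.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/*
 * Decide whether an archive entry may be written below `root`.
 * Returns 1 if safe, 0 if the write would land outside root (through
 * "..", an absolute path, or a symlink that already exists in the tree),
 * and -1 if the decision cannot be made (e.g. parent directory missing).
 * Treating -1 as a refusal is the conservative choice for an extractor.
 */
int extraction_path_is_safe(const char *root, const char *entry)
{
    char real_root[PATH_MAX], parent[PATH_MAX], real_parent[PATH_MAX];
    char *slash;
    size_t n;

    if (entry[0] == '\0' || entry[0] == '/')
        return 0;                                  /* empty or absolute entry */
    if (realpath(root, real_root) == NULL)
        return -1;
    /* Join root and entry, then drop the final component: the file itself
     * does not exist yet, but its parent directory must, and the parent is
     * what a planted symlink redirects. */
    if (snprintf(parent, sizeof parent, "%s/%s", real_root, entry)
            >= (int)sizeof parent)
        return -1;
    slash = strrchr(parent, '/');
    *slash = '\0';                                 /* always present: we added one */
    if (realpath(parent, real_parent) == NULL)
        return -1;                                 /* parent missing or unresolvable */

    /* Containment test on resolved paths: real_parent must equal real_root
     * or start with real_root followed by '/'. */
    n = strlen(real_root);
    if (n == 1)
        return 1;                                  /* root is "/" */
    if (strncmp(real_parent, real_root, n) != 0)
        return 0;
    return (real_parent[n] == '\0' || real_parent[n] == '/') ? 1 : 0;
}

/*
 * Constructed scenario: a scratch tree in which the extraction root holds a
 * symlink "escape" -> "../outside", the state a hostile archive leaves
 * behind before its next entry. Returns 1 if every check behaves as
 * intended, 0 otherwise.
 */
int run_demo(void)
{
    char tmpl[] = "/tmp/ark-demo-XXXXXX";
    char root[PATH_MAX], sub[PATH_MAX], outside[PATH_MAX], link[PATH_MAX];
    int ok;

    if (mkdtemp(tmpl) == NULL)
        return 0;
    snprintf(root, sizeof root, "%s/root", tmpl);
    snprintf(sub, sizeof sub, "%s/root/sub", tmpl);
    snprintf(outside, sizeof outside, "%s/outside", tmpl);
    snprintf(link, sizeof link, "%s/root/escape", tmpl);
    if (mkdir(root, 0700) || mkdir(sub, 0700) || mkdir(outside, 0700)
        || symlink("../outside", link))
        return 0;

    ok = extraction_path_is_safe(root, "sub/notes.txt") == 1        /* normal */
      && extraction_path_is_safe(root, "sub/../sub/ok.txt") == 1     /* harmless .. */
      && extraction_path_is_safe(root, "../outside/x.txt") == 0      /* .. escape */
      && extraction_path_is_safe(root, "escape/x.txt") == 0          /* via symlink */
      && extraction_path_is_safe(root, "/etc/x.txt") == 0            /* absolute */
      && extraction_path_is_safe(root, "missing/x.txt") == -1;       /* undecidable */

    unlink(link); rmdir(sub); rmdir(outside); rmdir(root); rmdir(tmpl);
    return ok;
}

int main(void)
{
    printf("all containment checks behaved as expected: %s\n",
           run_demo() ? "yes" : "no");
    return 0;
}
```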
For Debian 9 stretch, these problems have been fixed in version
4:16.08.3-2+deb9u1.
We recommend that you upgrade your ark packages.
For the detailed security status of ark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ark
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2495 - [Appliance] Mitsubishi Electric MELSEC iQ-F Series: CVSS (Max): 8.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2495
Advisory (icsa-22-139-01) Mitsubishi Electric MELSEC iQ-F Series
20 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mitsubishi Electric MELSEC iQ-F Series
Publisher: ICS-CERT
Operating System: Network Appliance
Resolution: Patch/Upgrade
CVE Names: CVE-2022-25162 CVE-2022-25161
Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01
Comment: CVSS (Max): 8.6 CVE-2022-25161 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS Source: ICS-CERT
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- --------------------------BEGIN INCLUDED TEXT--------------------
ICS Advisory (ICSA-22-139-01)
Mitsubishi Electric MELSEC iQ-F Series
Original release date: May 19, 2022
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .
1. EXECUTIVE SUMMARY
o CVSS v3 8.6
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Mitsubishi Electric
o Equipment: MELSEC iQ-F Series
o Vulnerabilities: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a
denial-of-service condition by sending specially crafted packets. A system
reset is required for recovery.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the MELSEC iQ-F series CPU module are affected:
o MELSEC iQ-F FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: All versions
prior to 1.270
o MELSEC iQ-F FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS: All versions prior to
1.270
o MELSEC iQ-F FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS: All
versions prior to 1.270
o MELSEC iQ-F FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS: All versions prior to
1.030
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER INPUT VALIDATION CWE-20
The affected product is vulnerable to a specially crafted packet, which may
allow an attacker to cause a denial-of-service condition where a system reset
is required for recovery.
CVE-2022-25161 has been assigned to this vulnerability. A CVSS v3 base score of
8.6 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
3.2.2 IMPROPER INPUT VALIDATION CWE-20
The affected product is vulnerable to a specially crafted packet, which may
allow an attacker to cause a denial-of-service condition.
CVE-2022-25162 has been assigned to this vulnerability. A CVSS v3 base score of
5.3 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
3.3 BACKGROUND
o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
Anton Dorfman of Positive Technologies reported these vulnerabilities to
Mitsubishi Electric.
4. MITIGATIONS
Mitsubishi Electric has provided the following mitigations or workarounds:
o FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with Serial number 17X**** or
later update to v1.270 or later
o FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS with serial number 17X**** or later
update to v1.270 or later
o FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS update to v1.270 or
later
o FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS update to v1.030 or later
Use a firewall or virtual private network to prevent unauthorized access when
Internet access is required.
Use firewalls or an IP filter function to restrict connections to these
products and prevent access from untrusted networks or hosts. For details on
the IP filter function, refer to 12.1 IP Filter Function in the MELSEC iQ-F FX5
User's Manual (Ethernet Communication).
CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices
on the ICS webpage on cisa.gov. Several recommended practices are available for
reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.
Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2494 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM WebSphere Application Server: CVSS (Max): 5.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2494
Security Bulletin: IBM WebSphere Application Server is
vulnerable to Spoofing (CVE-2022-22365)
20 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM WebSphere Application Server
Publisher: IBM
Operating System: AIX
HP-UX
IBM i
Linux variants
Solaris
Windows
z/OS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-22365
Original Bulletin:
https://www.ibm.com/support/pages/node/6587947
Comment: CVSS (Max): 5.6 CVE-2022-22365 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)
Document Information
Document number : 6587947
Modified date : 19 May 2022
Product : WebSphere Application Server
Software version : 7.0, 8.0, 8.5, 9.0
Operating system(s): AIX
HP-UX
IBM i
Linux
Solaris
Windows
z/OS
Edition : Advanced,Base,Developer,Enterprise,Express,Network Deployment,Single Server
Summary
IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy
Web Application (AjaxProxy.war) is deployed. This has been addressed.
Vulnerability Details
CVEID: CVE-2022-22365
DESCRIPTION: IBM WebSphere Application Server, with the Ajax Proxy Web
Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a
man-in-the-middle attacker to spoof SSL server hostnames.
CVSS Base score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/220904
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
+--------------------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------------------+----------+
|IBM WebSphere Application Server|9.0 |
+--------------------------------+----------+
|IBM WebSphere Application Server|8.5 |
+--------------------------------+----------+
|IBM WebSphere Application Server|8.0 |
+--------------------------------+----------+
|IBM WebSphere Application Server|7.0 |
+--------------------------------+----------+
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by applying a
currently available interim fix or fix pack that contains the APAR PH44339.
For WebSphere Application Server traditional:
For V9.0.0.0 through 9.0.5.11:
. Upgrade to minimal fix pack levels as required by interim fix and then apply
Interim Fix PH44339
- --OR--
. Apply Fix Pack 9.0.5.13 or later (targeted availability 3Q2022).
For V8.5.0.0 through 8.5.5.21:
. Upgrade to minimal fix pack levels as required by interim fix and then apply
Interim Fix PH44339
- --OR--
. Apply Fix Pack 8.5.5.22 or later (targeted availability 3Q2022).
For V8.0.0.0 through 8.0.0.15:
. Upgrade to 8.0.0.15 and then apply Interim Fix PH44339
For V7.0.0.0 through 7.0.0.45:
. Upgrade to 7.0.0.45 and then apply Interim Fix PH44339
Additional interim fixes may be available and linked off the interim fix
download page.
IBM WebSphere Application Server V7.0 and V8.0 are no longer in full support;
IBM recommends upgrading to a fixed, supported version/release/platform of the
product.
Workarounds and Mitigations
None
Change History
19 May 2022: Initial Publication
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2493 - [Debian] thunderbird: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2493
thunderbird security update
20 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29917 CVE-2022-29916 CVE-2022-29914
CVE-2022-29913 CVE-2022-29912 CVE-2022-29911
CVE-2022-29909 CVE-2022-1520
Original Bulletin:
https://lists.debian.org/debian-security-announce/2022/msg00109.html
Comment: CVSS (Max): 7.5 CVE-2022-29917 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5141-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912
CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
For the oldstable distribution (buster), these problems have been fixed
in version 1:91.9.0-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 1:91.9.0-1~deb11u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2492 - [Debian] openldap: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2492
openldap security update
20 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openldap
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29155
Original Bulletin:
https://lists.debian.org/debian-security-announce/2022/msg00108.html
Comment: CVSS (Max): 9.8 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5140-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 19, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : openldap
CVE ID : CVE-2022-29155
Jacek Konieczny discovered a SQL injection vulnerability in the back-sql
backend to slapd in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, allowing an attacker to alter the database
during an LDAP search operation when a specially crafted search filter
is processed.
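As an added illustration of the class of bug described above (this is not OpenLDAP's back-sql code and not the CVE-2022-29155 fix), the Python sketch below maps a minimal LDAP equality filter onto a SQL query in two ways: a hypothetical string-spliced mapping, where a crafted assertion value closes the quote and appends a DELETE that a stacked-statement driver then runs, and a parameterised mapping where the same value travels as a bind parameter. The table, rows, column allow-list and crafted filter are constructed for the demo, and sqlite3 stands in for the RDBMS behind slapd.

```python
import sqlite3

# Constructed sample directory rows for the demo (not real data).
SAMPLE_ROWS = [("alice", "Alice Example"), ("bob", "Bob Example")]
ALLOWED_ATTRS = ("uid", "cn")  # hypothetical attribute-to-column allow-list


def fresh_db():
    """Build an in-memory table standing in for the RDBMS behind a back-sql slapd."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (uid TEXT PRIMARY KEY, cn TEXT)")
    conn.executemany("INSERT INTO persons VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def parse_equality_filter(ldap_filter):
    """Split a minimal '(attr=value)' filter into (attr, value).

    Only the equality form is handled and attr is checked against an
    allow-list; this is an illustration, not an RFC 4515 parser.
    """
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        raise ValueError("expected a parenthesised filter")
    attr, sep, value = ldap_filter[1:-1].partition("=")
    if not sep or attr not in ALLOWED_ATTRS:
        raise ValueError("unsupported filter")
    return attr, value


def search_spliced(conn, ldap_filter):
    """Vulnerable mapping: the assertion value is spliced into the SQL text.

    The statement string is split on ';' and each piece executed, which
    mimics a driver that accepts stacked statements. Anything after a
    closing quote in the value becomes SQL, so a search can modify data.
    """
    attr, value = parse_equality_filter(ldap_filter)
    sql = "SELECT uid FROM persons WHERE %s = '%s';" % (attr, value)
    rows = []
    for stmt in (s.strip() for s in sql.split(";")):
        if stmt:
            rows = conn.execute(stmt).fetchall()
    conn.commit()
    return [r[0] for r in rows]


def search_parameterized(conn, ldap_filter):
    """Hardened mapping: the column name comes from the allow-list and the
    assertion value is a bind parameter, so it can never become SQL."""
    attr, value = parse_equality_filter(ldap_filter)
    sql = "SELECT uid FROM persons WHERE %s = ?" % attr
    return [r[0] for r in conn.execute(sql, (value,)).fetchall()]


def count_persons(conn):
    return conn.execute("SELECT COUNT(*) FROM persons").fetchone()[0]


# Constructed filter: the value closes the quote and appends a DELETE.
CRAFTED_FILTER = "(uid=x'; DELETE FROM persons WHERE '1'='1)"


def demo():
    """Run both mappings against CRAFTED_FILTER on fresh tables.

    Returns (rows left after the spliced search, rows left after the
    parameterised search).
    """
    spliced_db = fresh_db()
    search_spliced(spliced_db, CRAFTED_FILTER)
    safe_db = fresh_db()
    search_parameterized(safe_db, CRAFTED_FILTER)
    return count_persons(spliced_db), count_persons(safe_db)


if __name__ == "__main__":
    print(demo())
```

The point to take from the demo is that escaping the value is not the fix; separating the query text from the data (bind parameters, plus an allow-list for anything that has to be a SQL identifier such as the column name) is.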
For the oldstable distribution (buster), this problem has been fixed
in version 2.4.47+dfsg-3+deb10u7.
For the stable distribution (bullseye), this problem has been fixed in
version 2.4.57+dfsg-3+deb11u1.
We recommend that you upgrade your openldap packages.
For the detailed security status of openldap please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/openldap
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.2491 - [Debian] elog: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2491
elog security update
20 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: elog
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2020-8659
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html
Comment: CVSS (Max): 7.5 CVE-2020-8659 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-3014-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
May 18, 2022 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------
Package : elog
Version : 3.1.2-1-1+deb9u1
CVE ID : CVE-2020-8659
A vulnerability was reported in src:elog, a logbook system to manage
notes through a Web interface. This vulnerability allows remote
attackers to create a denial-of-service condition on affected
installations of ELOG Electronic Logbook. Authentication is not
required to exploit this vulnerability. The specific flaw exists
within the processing of HTTP parameters. A crafted request can
trigger the dereference of a null pointer. An attacker can leverage
this vulnerability to create a denial-of-service condition.
For Debian 9 stretch, this problem has been fixed in version
3.1.2-1-1+deb9u1.
We recommend that you upgrade your elog packages.
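Deciding whether an installed package already carries one of the fixed versions named here and in DSA-5140-1 above requires Debian's version ordering, not a string or float comparison (3+deb9u10 is newer than 3+deb9u9, 1.0~rc1 is older than 1.0, and in 3.1.2-1-1+deb9u1 the revision is everything after the last hyphen). The following Python is an added example, not Debian's or dpkg's own code: it reimplements the comparison rules from deb-version(7) and applies them to the fixed versions quoted in the two advisories on this page; the package and suite names are only lookup keys here.

```python
import re

# Fixed versions quoted in the two Debian advisories on this page.
FIXED_VERSIONS = {
    ("openldap", "buster"): "2.4.47+dfsg-3+deb10u7",
    ("openldap", "bullseye"): "2.4.57+dfsg-3+deb11u1",
    ("elog", "stretch"): "3.1.2-1-1+deb9u1",
}


def _order(ch):
    """Sort weight of one character in a non-digit run, as in dpkg's verrevcmp():
    '~' sorts before everything, even end of run; letters before non-letters."""
    if ch == "~":
        return -1
    if ch == "":          # end of the run
        return 0
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _compare_nondigit(a, b):
    for i in range(max(len(a), len(b))):
        wa = _order(a[i] if i < len(a) else "")
        wb = _order(b[i] if i < len(b) else "")
        if wa != wb:
            return -1 if wa < wb else 1
    return 0


def _compare_fragment(a, b):
    """Compare an upstream_version or debian_revision: alternate non-digit runs
    (lexical, with the weights above) and digit runs (numeric)."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(0), re.match(r"[^0-9]*", b).group(0)
        result = _compare_nondigit(na, nb)
        if result:
            return result
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(0), re.match(r"[0-9]*", b).group(0)
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def parse_version(version):
    """Split '[epoch:]upstream_version[-debian_revision]'. A missing epoch is 0
    and a missing revision compares as '0'. The revision is everything after
    the LAST hyphen, so 3.1.2-1-1+deb9u1 is upstream 3.1.2-1, revision 1+deb9u1."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, mirroring dpkg --compare-versions a lt/eq/gt b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_fragment(ua, ub) or _compare_fragment(ra, rb)


def is_vulnerable(package, suite, installed):
    """True when the installed version is older than the advisory's fixed version."""
    return compare_versions(installed, FIXED_VERSIONS[(package, suite)]) < 0


if __name__ == "__main__":
    # Constructed installed versions for the demo.
    for pkg, suite, installed in [("openldap", "buster", "2.4.47+dfsg-3+deb10u6"),
                                  ("elog", "stretch", "3.1.2-1-1+deb9u1")]:
        state = "vulnerable" if is_vulnerable(pkg, suite, installed) else "fixed"
        print(pkg, suite, installed, state)
```

On a real host, feed it the output of `dpkg-query -W -f='${Version}\n' slapd` (or `elog`), and treat `dpkg --compare-versions` as the authoritative implementation if the two ever disagree.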
For the detailed security status of elog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/elog
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----