AusCERT - Security Bulletins

Subscribe to the AusCERT - Security Bulletins feed
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Updated: 2 hours 20 minutes ago
23 May 2022

ESB-2022.2510 - [Linux] IBM Cloud Private: CVSS (Max): 9.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2510
   Security Bulletin: IBM Cloud Private is vulnerable to server-side request
                    forgery due to Python (CVE-2021-29921)
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Cloud Private
Publisher:         IBM
Operating System:  Linux variants
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29921
Original Bulletin: https://www.ibm.com/support/pages/node/6588167

Comment: CVSS (Max):  9.1 CVE-2021-29921 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Cloud Private is vulnerable to server-side request forgery due to Python
(CVE-2021-29921)

Document Information
Document number    : 6588167
Modified date      : 20 May 2022
Product            : IBM Cloud Private
Component          : NA
Software version   : All
Operating system(s): Linux
Edition            : NA

Summary

There is a vulnerability in Python open source used by IBM Cloud Private for
scripting. The vulnerability could be exploited by an attacker to conduct SSRF
or local file include attacks. This bulletin identifies the security fixes to
apply to address the Python vulnerability (CVE-2021-29921).

Vulnerability Details

CVEID: CVE-2021-29921
DESCRIPTION: Python is vulnerable to server-side request forgery, caused by
improper input validation of octal strings in the stdlib ipaddress. By
submitting a specially-crafted IP address to a web application, an attacker
could exploit this vulnerability to conduct SSRF or local file include attacks.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|IBM Cloud Private   |3.1.0     |
+--------------------+----------+
|IBM Cloud Private   |3.1.1     |
+--------------------+----------+
|IBM Cloud Private   |3.1.2     |
+--------------------+----------+
|IBM Cloud Private   |3.2.0     |
+--------------------+----------+
|IBM Cloud Private   |3.2.1 CD  |
+--------------------+----------+
|IBM Cloud Private   |3.2.2 CD  |
+--------------------+----------+

Remediation/Fixes

Product defect fixes and security updates are only available for the two most
recent Continuous Delivery (CD) update packages:

  o IBM Cloud Private 3.2.1
  o IBM Cloud Private 3.2.2

For IBM Cloud Private 3.2.1, apply fix pack:

  o IBM Cloud Private 3.2.1.2203

For IBM Cloud Private 3.2.2, apply fix pack:

  o IBM Cloud Private 3.2.2.2203

For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:

  o Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud
    Private 3.2.2.
  o If required, individual product fixes can be made available between CD
    update packages for resolution of problems. Contact IBM support for
    assistance.

Workarounds and Mitigations

None

Change History

22 Apr 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who that
is, please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made. If downloading at a later date,
it is recommended that the bulletin is retrieved directly from the author's
website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYorThckNZI30y1K9AQjxhw//eWyVqQi1xa7ej1fo/IwG/6YKRjKjjeR9
AAxhR0pQVdryiUbhdQ4fI94yQxB8PoAGJ+z4HTCx7U2Spp+Tsq1Z5FQfZysOoxiE
y9nmuy/QADBdwfZyE5AP8VhVAPYSWgb+ahVdtGeoteRvRKaxGOtUY85KAeTrUtNj
/kSiGcJt1GGAM22azzNcw3zM4/o6DmSSNddm7ks/rtELVLiLXmz6NOcgOrjselTQ
3FBOaRW16TbTwu40mdjLiy1V6ESwg/TKCFFquMdHJjOF3/9XeiKaUx5PnTiuM6g2
AcImM/Sw8K7TlXjPUScQ/AYIVDsYSq6JXMdEj6+yxzUxXPvQyafmnKSMgrG4ToXi
x4lupeHYR90AsH2MCWu3T+8Fs+1Ya+LbLhZgIrkdcg/TIJBbFhsQC7zny6L+ST3s
RVQHQY2gWqGC7QVQKCZwGN4s5AF1YHpD+TLS4LYnMw46CPsKc6A1rRaXW/FaTdPE
C/TzkdSqv1laaLeusyTRmKw+seMG0J9j3RSR7pwpPffRdx+fY48mszBje6k17qBm
9D6M4NWPNQ9ewwXxaBNA3AzFtPbeWN6Iu5KXVpMtUzf34G6Xc4L2ACvQxrEEXJnv
IzdnadoDFJawBUmB+yw524pT1jOMWsR5Aw3fCLaoDosZQdOse0xq+8ToylitZpaH
MrWQddvtvs4=
=WYlD
-----END PGP SIGNATURE-----
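The octal-string problem behind CVE-2021-29921 is easy to reproduce and to guard against in application code. The Python below is an added example for this page; it is not IBM's code and not part of the bulletin or of IBM Cloud Private. It models the unfixed stdlib's decimal reading of a leading-zero octet next to the octal reading that the C library's inet_aton() (and any HTTP client built on it) applies, shows how that mismatch walks a loopback target past a deny-list, checks whether the running interpreter carries the upstream fix, and provides a strict parser that rejects such input on any interpreter. The crafted address "0177.0.0.1", the deny-list policy and the public address in the demo are constructed for the example.

```python
import ipaddress
import re
import socket

# A strict dotted-quad octet: exactly "0", or 1-3 digits with no leading zero.
_STRICT_OCTET = re.compile(r"0|[1-9][0-9]{0,2}")


def parse_strict_ipv4(text: str) -> ipaddress.IPv4Address:
    """Parse a dotted-quad IPv4 string and refuse any octet with a leading zero,
    any hex form and any short form. Behaves the same on every interpreter,
    whether or not its ipaddress module carries the CVE-2021-29921 fix."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    for part in parts:
        if not _STRICT_OCTET.fullmatch(part):
            raise ValueError(f"ambiguous octet {part!r} in {text!r}")
        if int(part) > 255:
            raise ValueError(f"octet out of range in {text!r}")
    return ipaddress.IPv4Address(".".join(parts))


def strict_accepts(text: str) -> bool:
    """Convenience wrapper: True when parse_strict_ipv4() accepts the string."""
    try:
        parse_strict_ipv4(text)
    except ValueError:
        return False
    return True


def unfixed_stdlib_view(text: str) -> ipaddress.IPv4Address:
    """Model of ipaddress before the upstream fix (bpo-36384, shipped in 3.9.5):
    leading zeros were dropped and the octet read as decimal, so "0177.0.0.1"
    parsed as 177.0.0.1."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(text)
    return ipaddress.IPv4Address(".".join(str(int(p, 10)) for p in parts))


def libc_view(text: str) -> ipaddress.IPv4Address:
    """What inet_aton() in the C library sees for the same string: a leading
    "0" selects octal, so "0177.0.0.1" is 127.0.0.1."""
    return ipaddress.IPv4Address(socket.inet_aton(text))


def interpreter_is_fixed() -> bool:
    """Runtime check of this interpreter: a fixed stdlib rejects leading zeros."""
    try:
        ipaddress.ip_address("0177.0.0.1")
    except ValueError:
        return True
    return False


def denylist_allows(addr: ipaddress.IPv4Address) -> bool:
    """A typical SSRF guard: refuse loopback, private and link-local targets."""
    return not (addr.is_loopback or addr.is_private or addr.is_link_local)


def is_safe_outbound_target(text: str) -> bool:
    """Hardened guard: strict parse first, then the same deny-list."""
    try:
        return denylist_allows(parse_strict_ipv4(text))
    except ValueError:
        return False


if __name__ == "__main__":
    crafted = "0177.0.0.1"  # constructed attacker input for the demo
    print("unfixed stdlib parses it as:", unfixed_stdlib_view(crafted))
    print("libc/inet_aton resolves it to:", libc_view(crafted))
    print("deny-list on the stdlib view lets it through:",
          denylist_allows(unfixed_stdlib_view(crafted)))
    print("strict guard lets it through:", is_safe_outbound_target(crafted))
    print("this interpreter carries the fix:", interpreter_is_fixed())
```

The point of the strict parser is that the validation layer and the connection layer must agree on what a string means; rejecting every form that any parser could read differently removes the disagreement rather than trying to enumerate it.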
23 May 2022

ESB-2022.2509.3 - UPDATE [HPE NonStop] IBM MQ for HP NonStop Server: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2022.2509.3
   Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL
                        vulnerability CVE-2022-0778
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM MQ for HP NonStop Server
Publisher:         IBM
Operating System:  HPE NonStop
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0778
Original Bulletin: https://www.ibm.com/support/pages/node/6588819

Comment: CVSS (Max):  7.5 CVE-2022-0778 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Revision History:  May 23 2022: Fixed the CVSS Max score
                   May 23 2022: Fixed OS format
                   May 23 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

Document Information
Document number    : 6588819
Modified date      : 20 May 2022
Product            : IBM MQ for HPE NonStop
Component          : Server
Software version   : 8.1
Operating system(s): HPE NonStop
Edition            : 8.1.0.0,8.1.0.1

Summary

An issue was identified in OpenSSL when MQ is using it to parse certificates.

Vulnerability Details

CVEID: CVE-2022-0778
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in
the BN_mod_sqrt() function when parsing certificates. By using a
specially-crafted certificate with invalid explicit curve parameters, a remote
attacker could exploit this vulnerability to cause an infinite loop, resulting
in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

+----------------------+----------+
|Affected Product(s)   |Version(s)|
+----------------------+----------+
|IBM MQ for HPE NonStop|8.1.0     |
+----------------------+----------+

Remediation/Fixes

+----------------------------------------+------------+-----------+----------------------------------------+
|Product                                 |Version     |APAR       |Remediation                             |
+----------------------------------------+------------+-----------+----------------------------------------+
|IBM MQ V8.1 for HPE NonStop             |8.1.0.10    |IT40196    |Upgrade to Fixpack 8.1.0.10             |
+----------------------------------------+------------+-----------+----------------------------------------+

Workarounds and Mitigations

None

Change History

17 May 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYorVp8kNZI30y1K9AQgbog//X5BRBOgHyW+/4DXwCPUFLrubC6NnzPIV
wlbvi1Br8KfDq6NtVVKhdaAv/8Q+3YmyiBGHyWF70Lpbaa8W2gHbE7cIAQ2liF6b
Q10OWavhRmrR2OHfMM3V8dSXsuHsngTNnlUElNl+SJJ6V57ArqoPR/KuVZUAsEGL
VKDxuUBgfhdtwWXKxO26KWrDOYYqr0OS/yfwAiubscWCub2oMUSo3hPgNq+DRNsw
h8gdZn9USWxA+wCdIGZeqsuuyvMnIvA+mI3Ob3V2i0bq7x7fKL/V/i2Zjfckvx0e
2ZAInkkiqWm4J6X4nerEuIZt9cNZuOjg5ThFjGU0eZMep2gSZNslLk91MLgPFl7p
dTtG2tkn0p5AsuBEX+SuWrk0FL43bkd5xdPdZQXrsXgvp8DVXgKaTDEg/QakxMwK
k/cphSR6PN3NVpQSPmr09BP96+qehdEqYaxaSNEsWd7uFMW9F89KNc/ItAgAar4W
lBJp9RpKgMY3BQW0vWpbmow+OhnP1DzQ3j9bxpER5LaLTTz5iFgB5UWhGY+p43ym
8N7Bj1BNFYrhMuSJNDvStd5uAI4pYGKo6+NSmJgVCBXJa7d/kaLQZqB0tcDVfy0m
0iE+NgGTzZofudmTu9SZAjDGJv1LO9wM0SWr31PVcoa0J/EcdtoJmYwQGdhO3Rzv
RYl2JWeuuJU=
=8s9a
-----END PGP SIGNATURE-----
23 May 2022

ESB-2022.2508 - [Appliance] F5 products: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2508
                  K08832573: DHCP vulnerability CVE-2021-25217
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP (all modules)
                   BIG-IQ Centralized Management
                   F5OS
Publisher:         F5 Networks
Operating System:  Network Appliance
Resolution:        Mitigation
CVE Names:         CVE-2021-25217
Original Bulletin: https://support.f5.com/csp/article/K08832573

Comment: CVSS (Max):  8.8 CVE-2021-25217 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: F5 Networks
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

K08832573: DHCP vulnerability CVE-2021-25217

Original Publication Date: 21 May, 2022

Security Advisory Description

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16 and ISC DHCP 4.4.0 -> 4.4.2 (other
branches of ISC DHCP, i.e., releases in the 4.0.x series or lower and releases
in the 4.3.x series, are beyond their End-of-Life (EOL) and no longer supported
by ISC. From inspection it is clear that the defect is also present in releases
from those series, but they have not been officially tested for the
vulnerability), the outcome of encountering the defect while reading a lease
that will trigger it varies, according to:

  o the component being affected (i.e., dhclient or dhcpd)
  o whether the package was built as a 32-bit or 64-bit binary
  o whether the compiler flag -fstack-protection-strong was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system.
However, on a 32-bit system it is possible to cause dhclient to crash when
reading an improper lease, which could cause network connectivity problems for
an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:

  o if the dhcpd server binary was built for a 32-bit architecture AND the
    -fstack-protection-strong flag was specified to the compiler, dhcpd may
    exit while parsing a lease file containing an objectionable lease,
    resulting in lack of service to clients. Additionally, the offending lease
    and the lease immediately following it in the lease database may be
    improperly deleted.
  o if the dhcpd server binary was built for a 64-bit architecture OR if the
    -fstack-protection-strong compiler flag was NOT specified, the crash will
    not occur, but it is possible for the offending lease and the lease which
    immediately followed it to be improperly deleted. (CVE-2021-25217)

Impact

A stack-based buffer can overflow when statements are parsed with
colon-separated hex digits in config or lease files in dhcpd and dhclient.

Security Advisory Status

F5 Product Development has assigned ID 1102881 (BIG-IP and BIG-IQ) and ID
1106925 (F5OS-A and F5OS-C) to this vulnerability. This issue has been
classified as CWE-119: Improper Restriction of Operations within the Bounds of
a Memory Buffer.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning.

Additionally, software versions preceding those listed in the Applies to (see
versions) box of this article have reached the End of Technical Support (EoTS)
phase of their lifecycle and are no longer evaluated for security issues. For
more information, refer to the Security hotfixes section of K4602: Overview of
the F5 security vulnerability response policy.

+------------+------+--------------+----------+----------+------+-------------+
|            |      |Versions known|Fixes     |          |CVSSv3|Vulnerable   |
|Product     |Branch|to be         |introduced|Severity  |score^|component or |
|            |      |vulnerable^1  |in        |          |2     |feature      |
+------------+------+--------------+----------+----------+------+-------------+
|            |17.x  |17.0.0        |None      |          |      |             |
|            +------+--------------+----------+          |      |             |
|            |16.x  |16.1.0 -      |None      |          |      |             |
|            |      |16.1.2        |          |          |      |             |
|            +------+--------------+----------+          |      |             |
|BIG-IP (all |15.x  |15.1.0 -      |None      |          |      |dhcp/dhclient|
|modules)    |      |15.1.5        |          |High      |8.8   |DHCP Relay   |
|            +------+--------------+----------+          |      |Agent        |
|            |14.x  |14.1.0 -      |None      |          |      |             |
|            |      |14.1.4        |          |          |      |             |
|            +------+--------------+----------+          |      |             |
|            |13.x  |13.1.0 -      |None      |          |      |             |
|            |      |13.1.5        |          |          |      |             |
+------------+------+--------------+----------+----------+------+-------------+
|BIG-IQ      |8.x   |8.0.0 - 8.2.0 |None      |          |      |             |
|Centralized +------+--------------+----------+High      |8.8   |dhcp/dhclient|
|Management  |7.x   |7.0.0 - 7.1.0 |None      |          |      |             |
+------------+------+--------------+----------+----------+------+-------------+
|F5OS-A      |1.x   |1.0.0 - 1.0.1 |None      |High      |8.8   |dhcp/dhclient|
+------------+------+--------------+----------+----------+------+-------------+
|            |      |1.3.0 - 1.3.2 |          |          |      |             |
|F5OS-C      |1.x   |1.2.0 - 1.2.2 |None      |High      |8.8   |dhcp/dhclient|
|            |      |1.1.0 - 1.1.4 |          |          |      |             |
+------------+------+--------------+----------+----------+------+-------------+
|Traffix SDC |5.x   |None          |Not       |Not       |None  |None         |
|            |      |              |applicable|vulnerable|      |             |
+------------+------+--------------+----------+----------+------+-------------+

^1 F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

Use static Management IP address

To mitigate this vulnerability, you can use a static Management IP address.
For more information, refer to K15040: Configuring and displaying the
management IP address for the BIG-IP system and K41712190: Displaying the
management IP address for the BIG-IQ system.

Protect the Management interface with Network Controls

You should restrict management access to only trusted users and devices over a
secure network. For more information about securing access to BIG-IP or BIG-IQ
systems, refer to the following articles:

  o K13092: Overview of securing access to the BIG-IP system
  o K46122561: Restricting access to the management interface using network
    firewall rules
  o K92748202: Restricting access to the BIG-IQ management interface using
    network firewall rules
  o K69354049: Restricting access to the BIG-IP management interface for
    Configuration Utility and iControl REST services using iptables

Note: For BIG-IQ 7.x, secure the management interface by using an external
packet filtering device such as the BIG-IP Advanced Firewall Manager (AFM).

Disable DHCP Relay Agent (BIG-IP only)

If you configure the BIG-IP system as a DHCP Relay Agent, you should disable
it. For more information about configuring the BIG-IP system as a DHCP Relay
Agent, refer to the Configuring the BIG-IP System as a DHCP Relay Agent chapter
of the BIG-IP Local Traffic Manager: Implementations guide.

Note: For information about how to locate F5 product manuals, refer to
K98133564: Tips for searching AskF5 and finding product documentation.

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K8986: F5 software lifecycle policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 17.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYorK68kNZI30y1K9AQhLAg//fZctu+M04NXPR/AyKjUl1/IeWlFLgd0k
nuv57wRNU/06T4n79hWQwDI8+L0ABGbfObBuVgOtrSjfrDSzyin/ZL/fJEavPny0
v6fc1FQFS3qf+pSnh3kzmlFoNTXF82mvuCKwwewWM7PEfEYbDBXgOI9OLMVG2Iil
MxubJzDSEuqo2P57kZ2DH3ZIjPDzJ0GLYHkZ/CnO0/vrqS7H6Qs8twKbIjwia96q
pC1sWmymOrAe8+eiPzIKrEwTK2HMgQ07MQVKFpJIEhK60TJSzAATGqXXJD2X8TX+
Jf9Sg21QpCcB2Lk/S1GCCm068vFt6tWO6pNz/h5ToP1z9Y6ykMTN0FNzPX/iGwmf
/BnvFctnyG1NSpR4tForiw/2Gu8nPmLBFTYP+8lLDqb9xCUKKfGhRAhi3n2GAhBG
qv1KBf41nX/+ebRnaW8kZ0eDJY4SSSkSELdOnEpUxgQecRC9E6VF5p1XGkcpxhPW
gqgpSNro9c/x2gQ0vXwsnXb/wQNnd2tGqDZ2ZRuOHkr+DtR8UDR26suWGhI9cvzT
lOAzxj4cV9HCBBw1Jjm58vT+4Umi0CHdhu7QadfLQHo944w1vbKAMcITQaioPsi9
GMVwqGLIyuPX2QTstCCXVwSzIPWC7y6vpBcpO/ucyL0lnnCaqe7Kdfn1V6nTcKPh
hgex6ebboOc=
=gkMf
-----END PGP SIGNATURE-----
23 May 2022

ESB-2022.2507 - [Cisco] Cisco IOS XR Software: CVSS (Max): 6.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2507 Cisco IOS XR Software Health Check Open Port Vulnerability 23 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco IOS XR Software Publisher: Cisco Systems Operating System: Cisco Resolution: Patch/Upgrade CVE Names: CVE-2022-20821 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK Comment: CVSS (Max): 6.5 CVE-2022-20821 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) CVSS Source: Cisco Systems Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco IOS XR Software Health Check Open Port Vulnerability Priority: Medium Advisory ID: cisco-sa-iosxr-redis-ABJyE5xK First Published: 2022 May 20 16:00 GMT Version 1.0: Final Workarounds: Yes Cisco Bug IDs: CSCwb82689 CVE Names: CVE-2022-20821 CWEs: CWE-200 Summary o A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. 
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK Affected Products o Vulnerable Products At the time of publication, this vulnerability affected Cisco 8000 Series Routers if they were running a vulnerable release of Cisco IOS XR Software and had the health check RPM installed and active. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Determine the Device Configuration To determine if the device is in a vulnerable state, issue the run docker ps CLI command. If the output returns a docker container with the name NOSi, as shown in the following example, the device is considered vulnerable: RP/0/RP0/CPU0:8000#run docker ps Wed May 18 04:54:52.502 UTC CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 54307e434f29 nosi:latest "docker-entrypoint.s..." 9 seconds ago Up 8 seconds NOSi RP/0/RP0/CPU0:8000# Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds o There are workarounds that address this vulnerability: Option 1: This is the preferred method. Disable health check and explicitly disable the use cases. 
To effectively disable health check, enter the following commands exactly as shown: RP/0/RP0/CPU0:8000(config)#no healthcheck enable RP/0/RP0/CPU0:8000(config)#healthcheck use-case asic-reset disable RP/0/RP0/CPU0:8000(config)#healthcheck use-case packet-drop disable RP/0/RP0/CPU0:8000(config)#commit RP/0/RP0/CPU0:8000# Then remove the health check RPM from the device: RP/0/RP0/CPU0:8000#install package remove xr-healthcheck Wed May 18 05:00:08.060 UTCInstall remove operation 5.2.2 has started Install operation will continue in the background RP/0/RP0/CPU0:8000# RP/0/RP0/CPU0:8000#install apply restart Wed May 18 05:01:08.842 UTC Install apply operation 5.2 has started Install operation will continue in the background RP/0/RP0/CPU0:8000# Option 2: Use an Infrastructure Access Control List (iACLs) to block port 6379. To protect infrastructure devices and minimize the risk, impact, and effectiveness of direct infrastructure attacks, administrators are advised to deploy infrastructure access control lists (iACLs) to perform policy enforcement of traffic sent to infrastructure equipment. Administrators can construct an iACL by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. For the maximum protection of infrastructure devices, deployed iACLs should be applied in the ingress direction on all interfaces to which an IP address has been configured. An iACL workaround cannot provide complete protection against this vulnerability when the attack originates from a trusted source address. The iACL policy denies unauthorized Redis communications packets on TCP port 6379 that are sent to affected devices. In the following example, 192.168.60.0/24 is the IP address space that is used by the affected devices. Care should be taken to allow required traffic for routing and administrative access before denying all unauthorized traffic. 
Whenever possible, infrastructure address space should be distinct from the address space used for user and services segments. Using this addressing methodology will assist with the construction and deployment of iACLs. ipv4 access-list Infrastructure-ACL-Policy ! !-- The following vulnerability-specific access control entries !-- (ACEs) can drop Redis Database communication packets ! deny tcp any 192.168.60.0 0.0.0.255 eq 6379 ! !-- Explicit deny ACE for traffic sent to addresses configured !-- within the infrastructure address space ! deny ip any 192.168.60.0 0.0.0.255 ! !-- Permit or deny all other Layer 3 and Layer 4 traffic in !-- accordance with existing security policies and configurations ! !-- Apply iACL to interfaces in the ingress direction ! interface GigabitEthernet0/0 ipv4 access-group Infrastructure-ACL-Policy in For additional information about iACLs, see Protecting Your Core: Infrastructure Protection Access Control Lists . While these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment. Fixed Software o When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. 
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table (s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Cisco IOS XR Release First Fixed Release 7.2 and earlier Not affected 7.3.15, 7.3.16, 7.3.1, and 7.3.2 Not affected 7.3.3 7.3.4 ^1 7.4 Not affected 7.5.1 Not affected 7.5.2 Not affected 7.6 Not affected 1. An SMU is also planned for 7.3.3. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Exploitation and Public Announcements o In May 2022, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers apply suitable workaround or upgrade to a fixed software release to remediate this vulnerability. Source o This vulnerability was found during the resolution of a Cisco TAC support case. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. 
URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK

Revision History

o +----------+---------------------------+----------+--------+--------------+
  | Version  | Description               | Section  | Status | Date         |
  +----------+---------------------------+----------+--------+--------------+
  | 1.0      | Initial public release.   | -        | Final  | 2022-MAY-20  |
  +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

    https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYorK1ckNZI30y1K9AQgLpQ/8Cf1iYuGp8fVZ94EatypMbntlk0cNDmGA
x+1+lq8VYVRFkFdASzUvEVilTt6jmOT77iEop+29p8zzH8A65sWFO4CD3DgGN2IU
pqgRe0R0dmruTUKZmTpBeGzqu0F4KzZ4106LRkKKHTzY931i0PUmyPmpZ1j+F6sW
J6Xguky+LTBJRTXxaNoviySxqEOTTRVD80iKgknPXus9kdt99h1RyJ7mNIVNTHZZ
aRw/pueEn0eSga206DnnEl83rlnDOMYaN6VUce+wTggy3ttClVy4Jyyv2sRPWKR/
vW7XtQ/pX1f4csPisl+NDZJDQBL0iUqJubxtrUX8D0kGtx9PfI70I8PuJ1G29atW
m2wN3pBa/1vXbrZ/9l1OOtJmQbCdDdHc44M0gISIK54wUzHK2iWJTU+g4D5xhWQw
ecn8Me2mVThhFAU1VZ16uODjAN5Jv3/zanjKdfq+IhlkWqzlLZ6yZC+OQqizHhaB
PbJmOwvy1k24w7drkziGsAlGV4YeosrNV04uRc9wuD3m/dsixMIOw6VDMVhueoJe
4RRPHN4Br3rQZf2GCqcllx736q1J5zxl1DmUfZwFTc2pkSbOedHXmQxy3fsbMjHF
SwsWDe1edQJZk1YQUWAYNtA+KtrcMxXg4s7JIVXqJWa+4g7ishNyjtSMzqeb6pR9
RtRCU46zHJ4=
=fa1a
-----END PGP SIGNATURE-----
23 May 2022

ESB-2022.2506 - [SUSE] Linux Kernel: CVSS (Max): 7.0

===========================================================================

AUSCERT External Security Bulletin Redistribution

ESB-2022.2506
Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5)
23 May 2022

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1280
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221783-1

Comment: CVSS (Max):  7.0 CVE-2022-1280 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1783-1
Rating:             important
References:         #1198590
Cross-References:   CVE-2022-1280
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-122_106 fixes one issue.

The following security issue was fixed:

o CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c. This flaw allowed a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak (bsc#1198590).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1787=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1788=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1789=1

o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1781=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1782=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1783=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1784=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1786=1

o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1775=1 SUSE-SLE-Live-Patching-12-SP5-2022-1776=1 SUSE-SLE-Live-Patching-12-SP5-2022-1777=1 SUSE-SLE-Live-Patching-12-SP5-2022-1778=1 SUSE-SLE-Live-Patching-12-SP5-2022-1779=1 SUSE-SLE-Live-Patching-12-SP5-2022-1780=1 SUSE-SLE-Live-Patching-12-SP5-2022-1785=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
    kernel-livepatch-5_3_18-59_19-default-13-150300.2.1
    kernel-livepatch-5_3_18-59_19-default-debuginfo-13-150300.2.1
    kernel-livepatch-5_3_18-59_37-default-9-150300.2.1
    kernel-livepatch-5_3_18-59_37-default-debuginfo-9-150300.2.1
    kernel-livepatch-5_3_18-59_40-default-9-150300.2.1
    kernel-livepatch-SLE15-SP3_Update_10-debugsource-9-150300.2.1
    kernel-livepatch-SLE15-SP3_Update_5-debugsource-13-150300.2.1

o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):
    kernel-livepatch-5_3_18-59_40-default-debuginfo-9-150300.2.1

o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
    kernel-livepatch-5_3_18-24_53_4-default-15-150200.2.1
    kernel-livepatch-5_3_18-24_53_4-default-debuginfo-15-150200.2.1
    kernel-livepatch-5_3_18-24_70-default-15-150200.2.1
    kernel-livepatch-5_3_18-24_70-default-debuginfo-15-150200.2.1
    kernel-livepatch-5_3_18-24_75-default-14-150200.2.1
    kernel-livepatch-5_3_18-24_75-default-debuginfo-14-150200.2.1
    kernel-livepatch-5_3_18-24_78-default-13-150200.2.1
    kernel-livepatch-5_3_18-24_78-default-debuginfo-13-150200.2.1
    kernel-livepatch-5_3_18-24_86-default-11-150200.2.1
    kernel-livepatch-5_3_18-24_86-default-debuginfo-11-150200.2.1
    kernel-livepatch-SLE15-SP2_Update_15-debugsource-15-150200.2.1
    kernel-livepatch-SLE15-SP2_Update_16-debugsource-15-150200.2.1
    kernel-livepatch-SLE15-SP2_Update_17-debugsource-14-150200.2.1
    kernel-livepatch-SLE15-SP2_Update_18-debugsource-13-150200.2.1
    kernel-livepatch-SLE15-SP2_Update_20-debugsource-11-150200.2.1

o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-122_103-default-9-2.1
    kgraft-patch-4_12_14-122_106-default-7-2.1
    kgraft-patch-4_12_14-122_74-default-15-2.1
    kgraft-patch-4_12_14-122_80-default-14-2.1
    kgraft-patch-4_12_14-122_83-default-13-2.1
    kgraft-patch-4_12_14-122_88-default-11-2.1
    kgraft-patch-4_12_14-122_91-default-11-2.1

References:

o https://www.suse.com/security/cve/CVE-2022-1280.html
o https://bugzilla.suse.com/1198590

- --------------------------END INCLUDED TEXT--------------------
23 May 2022

ESB-2022.2505 - [SUSE] php7: CVSS (Max): None

===========================================================================

AUSCERT External Security Bulletin Redistribution

ESB-2022.2505
Security update for php7
23 May 2022

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           php7
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221764-1

Comment: CVSS (Max): None available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1764-1
Rating:             low
References:         #1197644
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for php7 fixes the following issues:

o Fixed filter_var bypass vulnerability (bsc#1197644).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1764=1

o SUSE Linux Enterprise Module for Web Scripting 12:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1764=1

Package List:

o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    php7-debuginfo-7.0.7-50.105.1
    php7-debugsource-7.0.7-50.105.1
    php7-devel-7.0.7-50.105.1

o SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
    apache2-mod_php7-7.0.7-50.105.1
    apache2-mod_php7-debuginfo-7.0.7-50.105.1
    php7-7.0.7-50.105.1
    php7-bcmath-7.0.7-50.105.1
    php7-bcmath-debuginfo-7.0.7-50.105.1
    php7-bz2-7.0.7-50.105.1
    php7-bz2-debuginfo-7.0.7-50.105.1
    php7-calendar-7.0.7-50.105.1
    php7-calendar-debuginfo-7.0.7-50.105.1
    php7-ctype-7.0.7-50.105.1
    php7-ctype-debuginfo-7.0.7-50.105.1
    php7-curl-7.0.7-50.105.1
    php7-curl-debuginfo-7.0.7-50.105.1
    php7-dba-7.0.7-50.105.1
    php7-dba-debuginfo-7.0.7-50.105.1
    php7-debuginfo-7.0.7-50.105.1
    php7-debugsource-7.0.7-50.105.1
    php7-dom-7.0.7-50.105.1
    php7-dom-debuginfo-7.0.7-50.105.1
    php7-enchant-7.0.7-50.105.1
    php7-enchant-debuginfo-7.0.7-50.105.1
    php7-exif-7.0.7-50.105.1
    php7-exif-debuginfo-7.0.7-50.105.1
    php7-fastcgi-7.0.7-50.105.1
    php7-fastcgi-debuginfo-7.0.7-50.105.1
    php7-fileinfo-7.0.7-50.105.1
    php7-fileinfo-debuginfo-7.0.7-50.105.1
    php7-fpm-7.0.7-50.105.1
    php7-fpm-debuginfo-7.0.7-50.105.1
    php7-ftp-7.0.7-50.105.1
    php7-ftp-debuginfo-7.0.7-50.105.1
    php7-gd-7.0.7-50.105.1
    php7-gd-debuginfo-7.0.7-50.105.1
    php7-gettext-7.0.7-50.105.1
    php7-gettext-debuginfo-7.0.7-50.105.1
    php7-gmp-7.0.7-50.105.1
    php7-gmp-debuginfo-7.0.7-50.105.1
    php7-iconv-7.0.7-50.105.1
    php7-iconv-debuginfo-7.0.7-50.105.1
    php7-imap-7.0.7-50.105.1
    php7-imap-debuginfo-7.0.7-50.105.1
    php7-intl-7.0.7-50.105.1
    php7-intl-debuginfo-7.0.7-50.105.1
    php7-json-7.0.7-50.105.1
    php7-json-debuginfo-7.0.7-50.105.1
    php7-ldap-7.0.7-50.105.1
    php7-ldap-debuginfo-7.0.7-50.105.1
    php7-mbstring-7.0.7-50.105.1
    php7-mbstring-debuginfo-7.0.7-50.105.1
    php7-mcrypt-7.0.7-50.105.1
    php7-mcrypt-debuginfo-7.0.7-50.105.1
    php7-mysql-7.0.7-50.105.1
    php7-mysql-debuginfo-7.0.7-50.105.1
    php7-odbc-7.0.7-50.105.1
    php7-odbc-debuginfo-7.0.7-50.105.1
    php7-opcache-7.0.7-50.105.1
    php7-opcache-debuginfo-7.0.7-50.105.1
    php7-openssl-7.0.7-50.105.1
    php7-openssl-debuginfo-7.0.7-50.105.1
    php7-pcntl-7.0.7-50.105.1
    php7-pcntl-debuginfo-7.0.7-50.105.1
    php7-pdo-7.0.7-50.105.1
    php7-pdo-debuginfo-7.0.7-50.105.1
    php7-pgsql-7.0.7-50.105.1
    php7-pgsql-debuginfo-7.0.7-50.105.1
    php7-phar-7.0.7-50.105.1
    php7-phar-debuginfo-7.0.7-50.105.1
    php7-posix-7.0.7-50.105.1
    php7-posix-debuginfo-7.0.7-50.105.1
    php7-pspell-7.0.7-50.105.1
    php7-pspell-debuginfo-7.0.7-50.105.1
    php7-shmop-7.0.7-50.105.1
    php7-shmop-debuginfo-7.0.7-50.105.1
    php7-snmp-7.0.7-50.105.1
    php7-snmp-debuginfo-7.0.7-50.105.1
    php7-soap-7.0.7-50.105.1
    php7-soap-debuginfo-7.0.7-50.105.1
    php7-sockets-7.0.7-50.105.1
    php7-sockets-debuginfo-7.0.7-50.105.1
    php7-sqlite-7.0.7-50.105.1
    php7-sqlite-debuginfo-7.0.7-50.105.1
    php7-sysvmsg-7.0.7-50.105.1
    php7-sysvmsg-debuginfo-7.0.7-50.105.1
    php7-sysvsem-7.0.7-50.105.1
    php7-sysvsem-debuginfo-7.0.7-50.105.1
    php7-sysvshm-7.0.7-50.105.1
    php7-sysvshm-debuginfo-7.0.7-50.105.1
    php7-tokenizer-7.0.7-50.105.1
    php7-tokenizer-debuginfo-7.0.7-50.105.1
    php7-wddx-7.0.7-50.105.1
    php7-wddx-debuginfo-7.0.7-50.105.1
    php7-xmlreader-7.0.7-50.105.1
    php7-xmlreader-debuginfo-7.0.7-50.105.1
    php7-xmlrpc-7.0.7-50.105.1
    php7-xmlrpc-debuginfo-7.0.7-50.105.1
    php7-xmlwriter-7.0.7-50.105.1
    php7-xmlwriter-debuginfo-7.0.7-50.105.1
    php7-xsl-7.0.7-50.105.1
    php7-xsl-debuginfo-7.0.7-50.105.1
    php7-zip-7.0.7-50.105.1
    php7-zip-debuginfo-7.0.7-50.105.1
    php7-zlib-7.0.7-50.105.1
    php7-zlib-debuginfo-7.0.7-50.105.1

o SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
    php7-pear-7.0.7-50.105.1
    php7-pear-Archive_Tar-7.0.7-50.105.1

References:

o https://bugzilla.suse.com/1197644
- --------------------------END INCLUDED TEXT--------------------
23 May 2022

ESB-2022.2504 - [SUSE] php7: CVSS (Max): None

===========================================================================

AUSCERT External Security Bulletin Redistribution

ESB-2022.2504
Security update for php7
23 May 2022

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           php7
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
Original Bulletin: https://www.suse.com/support/update/announcement/2022/suse-su-20221768-1

Comment: CVSS (Max): None available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1768-1
Rating:             low
References:         #1197644
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Web Scripting 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for php7 fixes the following issues:

o Fixed filter_var bypass vulnerability (bsc#1197644).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1768=1

o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1768=1

o SUSE Linux Enterprise Module for Web Scripting 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1768=1

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1768=1

Package List:

o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    php7-firebird-7.4.6-150200.3.38.2
    php7-firebird-debuginfo-7.4.6-150200.3.38.2

o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    apache2-mod_php7-7.4.6-150200.3.38.2
    apache2-mod_php7-debuginfo-7.4.6-150200.3.38.2
    php7-7.4.6-150200.3.38.2
    php7-bcmath-7.4.6-150200.3.38.2
    php7-bcmath-debuginfo-7.4.6-150200.3.38.2
    php7-bz2-7.4.6-150200.3.38.2
    php7-bz2-debuginfo-7.4.6-150200.3.38.2
    php7-calendar-7.4.6-150200.3.38.2
    php7-calendar-debuginfo-7.4.6-150200.3.38.2
    php7-ctype-7.4.6-150200.3.38.2
    php7-ctype-debuginfo-7.4.6-150200.3.38.2
    php7-curl-7.4.6-150200.3.38.2
    php7-curl-debuginfo-7.4.6-150200.3.38.2
    php7-dba-7.4.6-150200.3.38.2
    php7-dba-debuginfo-7.4.6-150200.3.38.2
    php7-debuginfo-7.4.6-150200.3.38.2
    php7-debugsource-7.4.6-150200.3.38.2
    php7-devel-7.4.6-150200.3.38.2
    php7-dom-7.4.6-150200.3.38.2
    php7-dom-debuginfo-7.4.6-150200.3.38.2
    php7-embed-7.4.6-150200.3.38.2
    php7-embed-debuginfo-7.4.6-150200.3.38.2
    php7-enchant-7.4.6-150200.3.38.2
    php7-enchant-debuginfo-7.4.6-150200.3.38.2
    php7-exif-7.4.6-150200.3.38.2
    php7-exif-debuginfo-7.4.6-150200.3.38.2
    php7-fastcgi-7.4.6-150200.3.38.2
    php7-fastcgi-debuginfo-7.4.6-150200.3.38.2
    php7-fileinfo-7.4.6-150200.3.38.2
    php7-fileinfo-debuginfo-7.4.6-150200.3.38.2
    php7-firebird-7.4.6-150200.3.38.2
    php7-firebird-debuginfo-7.4.6-150200.3.38.2
    php7-fpm-7.4.6-150200.3.38.2
    php7-fpm-debuginfo-7.4.6-150200.3.38.2
    php7-ftp-7.4.6-150200.3.38.2
    php7-ftp-debuginfo-7.4.6-150200.3.38.2
    php7-gd-7.4.6-150200.3.38.2
    php7-gd-debuginfo-7.4.6-150200.3.38.2
    php7-gettext-7.4.6-150200.3.38.2
    php7-gettext-debuginfo-7.4.6-150200.3.38.2
    php7-gmp-7.4.6-150200.3.38.2
    php7-gmp-debuginfo-7.4.6-150200.3.38.2
    php7-iconv-7.4.6-150200.3.38.2
    php7-iconv-debuginfo-7.4.6-150200.3.38.2
    php7-intl-7.4.6-150200.3.38.2
    php7-intl-debuginfo-7.4.6-150200.3.38.2
    php7-json-7.4.6-150200.3.38.2
    php7-json-debuginfo-7.4.6-150200.3.38.2
    php7-ldap-7.4.6-150200.3.38.2
    php7-ldap-debuginfo-7.4.6-150200.3.38.2
    php7-mbstring-7.4.6-150200.3.38.2
    php7-mbstring-debuginfo-7.4.6-150200.3.38.2
    php7-mysql-7.4.6-150200.3.38.2
    php7-mysql-debuginfo-7.4.6-150200.3.38.2
    php7-odbc-7.4.6-150200.3.38.2
    php7-odbc-debuginfo-7.4.6-150200.3.38.2
    php7-opcache-7.4.6-150200.3.38.2
    php7-opcache-debuginfo-7.4.6-150200.3.38.2
    php7-openssl-7.4.6-150200.3.38.2
    php7-openssl-debuginfo-7.4.6-150200.3.38.2
    php7-pcntl-7.4.6-150200.3.38.2
    php7-pcntl-debuginfo-7.4.6-150200.3.38.2
    php7-pdo-7.4.6-150200.3.38.2
    php7-pdo-debuginfo-7.4.6-150200.3.38.2
    php7-pgsql-7.4.6-150200.3.38.2
    php7-pgsql-debuginfo-7.4.6-150200.3.38.2
    php7-phar-7.4.6-150200.3.38.2
    php7-phar-debuginfo-7.4.6-150200.3.38.2
    php7-posix-7.4.6-150200.3.38.2
    php7-posix-debuginfo-7.4.6-150200.3.38.2
    php7-readline-7.4.6-150200.3.38.2
    php7-readline-debuginfo-7.4.6-150200.3.38.2
    php7-shmop-7.4.6-150200.3.38.2
    php7-shmop-debuginfo-7.4.6-150200.3.38.2
    php7-snmp-7.4.6-150200.3.38.2
    php7-snmp-debuginfo-7.4.6-150200.3.38.2
    php7-soap-7.4.6-150200.3.38.2
    php7-soap-debuginfo-7.4.6-150200.3.38.2
    php7-sockets-7.4.6-150200.3.38.2
    php7-sockets-debuginfo-7.4.6-150200.3.38.2
    php7-sodium-7.4.6-150200.3.38.2
    php7-sodium-debuginfo-7.4.6-150200.3.38.2
    php7-sqlite-7.4.6-150200.3.38.2
    php7-sqlite-debuginfo-7.4.6-150200.3.38.2
    php7-sysvmsg-7.4.6-150200.3.38.2
    php7-sysvmsg-debuginfo-7.4.6-150200.3.38.2
    php7-sysvsem-7.4.6-150200.3.38.2
    php7-sysvsem-debuginfo-7.4.6-150200.3.38.2
    php7-sysvshm-7.4.6-150200.3.38.2
    php7-sysvshm-debuginfo-7.4.6-150200.3.38.2
    php7-test-7.4.6-150200.3.38.2
    php7-tidy-7.4.6-150200.3.38.2
    php7-tidy-debuginfo-7.4.6-150200.3.38.2
    php7-tokenizer-7.4.6-150200.3.38.2
    php7-tokenizer-debuginfo-7.4.6-150200.3.38.2
    php7-xmlreader-7.4.6-150200.3.38.2
    php7-xmlreader-debuginfo-7.4.6-150200.3.38.2
    php7-xmlrpc-7.4.6-150200.3.38.2
    php7-xmlrpc-debuginfo-7.4.6-150200.3.38.2
    php7-xmlwriter-7.4.6-150200.3.38.2
    php7-xmlwriter-debuginfo-7.4.6-150200.3.38.2
    php7-xsl-7.4.6-150200.3.38.2
    php7-xsl-debuginfo-7.4.6-150200.3.38.2
    php7-zip-7.4.6-150200.3.38.2
    php7-zip-debuginfo-7.4.6-150200.3.38.2
    php7-zlib-7.4.6-150200.3.38.2
    php7-zlib-debuginfo-7.4.6-150200.3.38.2

o SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
    apache2-mod_php7-7.4.6-150200.3.38.2
    apache2-mod_php7-debuginfo-7.4.6-150200.3.38.2
    php7-7.4.6-150200.3.38.2
    php7-bcmath-7.4.6-150200.3.38.2
    php7-bcmath-debuginfo-7.4.6-150200.3.38.2
    php7-bz2-7.4.6-150200.3.38.2
    php7-bz2-debuginfo-7.4.6-150200.3.38.2
    php7-calendar-7.4.6-150200.3.38.2
    php7-calendar-debuginfo-7.4.6-150200.3.38.2
    php7-ctype-7.4.6-150200.3.38.2
    php7-ctype-debuginfo-7.4.6-150200.3.38.2
    php7-curl-7.4.6-150200.3.38.2
    php7-curl-debuginfo-7.4.6-150200.3.38.2
    php7-dba-7.4.6-150200.3.38.2
    php7-dba-debuginfo-7.4.6-150200.3.38.2
    php7-debuginfo-7.4.6-150200.3.38.2
    php7-debugsource-7.4.6-150200.3.38.2
    php7-devel-7.4.6-150200.3.38.2
    php7-dom-7.4.6-150200.3.38.2
    php7-dom-debuginfo-7.4.6-150200.3.38.2
    php7-enchant-7.4.6-150200.3.38.2
    php7-enchant-debuginfo-7.4.6-150200.3.38.2
    php7-exif-7.4.6-150200.3.38.2
    php7-exif-debuginfo-7.4.6-150200.3.38.2
    php7-fastcgi-7.4.6-150200.3.38.2
    php7-fastcgi-debuginfo-7.4.6-150200.3.38.2
    php7-fileinfo-7.4.6-150200.3.38.2
    php7-fileinfo-debuginfo-7.4.6-150200.3.38.2
    php7-fpm-7.4.6-150200.3.38.2
    php7-fpm-debuginfo-7.4.6-150200.3.38.2
    php7-ftp-7.4.6-150200.3.38.2
    php7-ftp-debuginfo-7.4.6-150200.3.38.2
    php7-gd-7.4.6-150200.3.38.2
    php7-gd-debuginfo-7.4.6-150200.3.38.2
    php7-gettext-7.4.6-150200.3.38.2
    php7-gettext-debuginfo-7.4.6-150200.3.38.2
    php7-gmp-7.4.6-150200.3.38.2
    php7-gmp-debuginfo-7.4.6-150200.3.38.2
    php7-iconv-7.4.6-150200.3.38.2
    php7-iconv-debuginfo-7.4.6-150200.3.38.2
    php7-intl-7.4.6-150200.3.38.2
    php7-intl-debuginfo-7.4.6-150200.3.38.2
    php7-json-7.4.6-150200.3.38.2
    php7-json-debuginfo-7.4.6-150200.3.38.2
    php7-ldap-7.4.6-150200.3.38.2
    php7-ldap-debuginfo-7.4.6-150200.3.38.2
    php7-mbstring-7.4.6-150200.3.38.2
    php7-mbstring-debuginfo-7.4.6-150200.3.38.2
    php7-mysql-7.4.6-150200.3.38.2
    php7-mysql-debuginfo-7.4.6-150200.3.38.2
    php7-odbc-7.4.6-150200.3.38.2
    php7-odbc-debuginfo-7.4.6-150200.3.38.2
    php7-opcache-7.4.6-150200.3.38.2
    php7-opcache-debuginfo-7.4.6-150200.3.38.2
    php7-openssl-7.4.6-150200.3.38.2
    php7-openssl-debuginfo-7.4.6-150200.3.38.2
    php7-pcntl-7.4.6-150200.3.38.2
    php7-pcntl-debuginfo-7.4.6-150200.3.38.2
    php7-pdo-7.4.6-150200.3.38.2
    php7-pdo-debuginfo-7.4.6-150200.3.38.2
    php7-pgsql-7.4.6-150200.3.38.2
    php7-pgsql-debuginfo-7.4.6-150200.3.38.2
    php7-phar-7.4.6-150200.3.38.2
    php7-phar-debuginfo-7.4.6-150200.3.38.2
    php7-posix-7.4.6-150200.3.38.2
    php7-posix-debuginfo-7.4.6-150200.3.38.2
    php7-readline-7.4.6-150200.3.38.2
    php7-readline-debuginfo-7.4.6-150200.3.38.2
    php7-shmop-7.4.6-150200.3.38.2
    php7-shmop-debuginfo-7.4.6-150200.3.38.2
    php7-snmp-7.4.6-150200.3.38.2
    php7-snmp-debuginfo-7.4.6-150200.3.38.2
    php7-soap-7.4.6-150200.3.38.2
    php7-soap-debuginfo-7.4.6-150200.3.38.2
    php7-sockets-7.4.6-150200.3.38.2
    php7-sockets-debuginfo-7.4.6-150200.3.38.2
    php7-sodium-7.4.6-150200.3.38.2
    php7-sodium-debuginfo-7.4.6-150200.3.38.2
    php7-sqlite-7.4.6-150200.3.38.2
    php7-sqlite-debuginfo-7.4.6-150200.3.38.2
    php7-sysvmsg-7.4.6-150200.3.38.2
    php7-sysvmsg-debuginfo-7.4.6-150200.3.38.2
    php7-sysvsem-7.4.6-150200.3.38.2
    php7-sysvsem-debuginfo-7.4.6-150200.3.38.2
    php7-sysvshm-7.4.6-150200.3.38.2
    php7-sysvshm-debuginfo-7.4.6-150200.3.38.2
    php7-tidy-7.4.6-150200.3.38.2
    php7-tidy-debuginfo-7.4.6-150200.3.38.2
    php7-tokenizer-7.4.6-150200.3.38.2
    php7-tokenizer-debuginfo-7.4.6-150200.3.38.2
    php7-xmlreader-7.4.6-150200.3.38.2
    php7-xmlreader-debuginfo-7.4.6-150200.3.38.2
    php7-xmlrpc-7.4.6-150200.3.38.2
    php7-xmlrpc-debuginfo-7.4.6-150200.3.38.2
    php7-xmlwriter-7.4.6-150200.3.38.2
    php7-xmlwriter-debuginfo-7.4.6-150200.3.38.2
    php7-xsl-7.4.6-150200.3.38.2
    php7-xsl-debuginfo-7.4.6-150200.3.38.2
    php7-zip-7.4.6-150200.3.38.2
    php7-zip-debuginfo-7.4.6-150200.3.38.2
    php7-zlib-7.4.6-150200.3.38.2
    php7-zlib-debuginfo-7.4.6-150200.3.38.2

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
    php7-debuginfo-7.4.6-150200.3.38.2
    php7-debugsource-7.4.6-150200.3.38.2
    php7-embed-7.4.6-150200.3.38.2
    php7-embed-debuginfo-7.4.6-150200.3.38.2

References:

o https://bugzilla.suse.com/1197644

- --------------------------END INCLUDED TEXT--------------------
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYorEr8kNZI30y1K9AQjeTA//QJiXEnKOyaMCyljsnCK+Nokr6ZLkbAWW vNV751DHA+uuqaf8UihTTue9a9ZcABWUbkY/mwhQsJRG+vLlrRX5yl+1MPtngynx 4x0801fqpyMfCamVpgZ9odBHre+GN6PRz8kwg6WegajR+h8v+xuZutrEURGc9LdQ wtgS7nt98shaKGuLE9vWJ8LT3aOweovp813YwDZDjGGaDdSdYcEcYRhYBJJpMT30 qaUQDiJZ1+aZeYBN+QfZu4qpNGTVHjWOezbzIT1gjyXnikjW6/RzffuhgaUGe+wB NHEw20Lkr2SLMwXfwFl7DyLMwx1XBaGzPl1RVohQ1p76frSfZBA6Nj3tOCrox1x8 dPgbTFEv5qZCYfYrxDU6TIj9C3VDegQCJOupJ8+KEzvumOWQvTzE8YOxTg3meIUJ gImcou8PlMDxjWDj6gnf+XxXA/6O+ZTeIAikhpMuy9MtCGtP3QGDg4t2LrmdhADy 2oAI3TfoECf5f4YyHY8bbLbck6U3NqBgjnG08QZEYBbwgflbGr6GMkr7c/a8bVSw dEdH2CxWew26U4cEG8qJOwgvuf/WTvGVsV0Zp9kXRHMyjSr/cBfee5SWkdguWAFr qOHTSUDmEXei6VIQZLrQ1zvXiz8EUfCYp6QW9hrrVYMMw8/udTLrPKdhbqU+EMpI gTGBTP2FISM= =e+SD -----END PGP SIGNATURE-----
23 May 2022

ESB-2022.2503 - [SUSE] openldap2: CVSS (Max): 9.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2503
                        Security update for openldap2
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openldap2
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29155
Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221771-1

Comment: CVSS (Max):  9.4 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1771-1
Rating:            important
References:        #1198383 #1199240
Cross-References:  CVE-2022-29155
Affected Products:
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP Applications 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for openldap2 fixes the following issues:

o CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
o Fixed issue with SASL init that crashed slapd at startup under certain
  conditions (bsc#1198383).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1771=1
o SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1771=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1771=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1771=1
o SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1771=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1771=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libldap-2_4-2-2.4.41-22.10.1
  libldap-2_4-2-32bit-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
  openldap2-2.4.41-22.10.1
  openldap2-back-meta-2.4.41-22.10.1
  openldap2-back-meta-debuginfo-2.4.41-22.10.1
  openldap2-client-2.4.41-22.10.1
  openldap2-client-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-ppolicy-check-password-1.2-22.10.1
  openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
  openldap2-doc-2.4.41-22.10.1
o SUSE OpenStack Cloud 9 (x86_64):
  libldap-2_4-2-2.4.41-22.10.1
  libldap-2_4-2-32bit-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
  openldap2-2.4.41-22.10.1
  openldap2-back-meta-2.4.41-22.10.1
  openldap2-back-meta-debuginfo-2.4.41-22.10.1
  openldap2-client-2.4.41-22.10.1
  openldap2-client-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-ppolicy-check-password-1.2-22.10.1
  openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE OpenStack Cloud 9 (noarch):
  openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  openldap2-back-perl-2.4.41-22.10.1
  openldap2-back-perl-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-devel-2.4.41-22.10.1
  openldap2-devel-static-2.4.41-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  libldap-2_4-2-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-2.4.41-22.10.1
  openldap2-2.4.41-22.10.1
  openldap2-back-meta-2.4.41-22.10.1
  openldap2-back-meta-debuginfo-2.4.41-22.10.1
  openldap2-client-2.4.41-22.10.1
  openldap2-client-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-ppolicy-check-password-1.2-22.10.1
  openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  libldap-2_4-2-32bit-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
  openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-2.4.41-22.10.1
  openldap2-2.4.41-22.10.1
  openldap2-back-meta-2.4.41-22.10.1
  openldap2-back-meta-debuginfo-2.4.41-22.10.1
  openldap2-client-2.4.41-22.10.1
  openldap2-client-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-ppolicy-check-password-1.2-22.10.1
  openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libldap-2_4-2-32bit-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
  openldap2-doc-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-2.4.41-22.10.1
  openldap2-2.4.41-22.10.1
  openldap2-back-meta-2.4.41-22.10.1
  openldap2-back-meta-debuginfo-2.4.41-22.10.1
  openldap2-client-2.4.41-22.10.1
  openldap2-client-debuginfo-2.4.41-22.10.1
  openldap2-debuginfo-2.4.41-22.10.1
  openldap2-debugsource-2.4.41-22.10.1
  openldap2-ppolicy-check-password-1.2-22.10.1
  openldap2-ppolicy-check-password-debuginfo-1.2-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
  libldap-2_4-2-32bit-2.4.41-22.10.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-22.10.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
  openldap2-doc-2.4.41-22.10.1

References:

o https://www.suse.com/security/cve/CVE-2022-29155.html
o https://bugzilla.suse.com/1198383
o https://bugzilla.suse.com/1199240

- --------------------------END INCLUDED TEXT--------------------
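The SUSE text above says only that CVE-2022-29155 is an SQL injection in back-sql, the slapd backend that answers LDAP queries out of a relational database. The following is an added illustration of that bug class, not OpenLDAP's code and not the actual CVE-2022-29155 trigger: a toy LDAP-to-SQL translator that decodes an RFC 4515 equality filter, once splicing the assertion value into the SQL text and once binding it as a parameter. The table, the rows, the attribute-to-column map and the crafted filter are all constructed for the example.

```python
"""Toy LDAP-filter-to-SQL translator: the injection pattern beside the parameterised fix."""
import re
import sqlite3

# Constructed sample directory rows; not real data.
ROWS = [("alice", "Alice Example"), ("bob", "Bob Example"), ("carol", "Carol Example")]

# Stand-in for an attribute-to-column mapping; the real back-sql keeps its own
# mapping tables. Column names only ever come from this allow-list.
ATTR_TO_COLUMN = {"uid": "uid", "cn": "cn"}

# "(attr=value)" where value may contain RFC 4515 hex escapes such as \28 and \29.
_FILTER = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\]|\\[0-9A-Fa-f]{2})*)\)")
_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")


def make_db() -> sqlite3.Connection:
    """In-memory SQLite table playing the role of the RDBMS behind the LDAP front end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (uid TEXT PRIMARY KEY, cn TEXT)")
    conn.executemany("INSERT INTO persons VALUES (?, ?)", ROWS)
    return conn


def parse_equality_filter(flt: str):
    """Return (attribute, decoded value) for a simple equality filter."""
    m = _FILTER.fullmatch(flt)
    if not m:
        raise ValueError(f"unsupported filter: {flt!r}")
    attr, raw = m.group(1).lower(), m.group(2)
    if attr not in ATTR_TO_COLUMN:
        raise ValueError(f"unmapped attribute: {attr}")
    # Filter escapes decode here, so ')' and '(' reappear in the value before it hits SQL.
    value = _ESCAPE.sub(lambda h: chr(int(h.group(1), 16)), raw)
    return attr, value


def search_vulnerable(conn: sqlite3.Connection, flt: str) -> list:
    """Splices the decoded assertion value into the SQL text: the injection pattern."""
    attr, value = parse_equality_filter(flt)
    sql = f"SELECT uid FROM persons WHERE ({ATTR_TO_COLUMN[attr]} = '{value}') ORDER BY uid"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, flt: str) -> list:
    """Column name from the allow-list, value as a bound parameter: no SQL is built from input."""
    attr, value = parse_equality_filter(flt)
    sql = f"SELECT uid FROM persons WHERE ({ATTR_TO_COLUMN[attr]} = ?) ORDER BY uid"
    return [row[0] for row in conn.execute(sql, (value,))]


# Constructed filter: once \29 and \28 are decoded the value closes the quote and
# the parenthesis and appends an always-true clause.
CRAFTED = r"(uid=alice'\29 OR \28'1'='1)"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_vulnerable(db, CRAFTED))  # every uid in the table
    print("safe:      ", search_safe(db, CRAFTED))        # no row matches the literal value
```

The parser is the point: LDAP filter escaping protects the filter grammar, not whatever the backend builds from the decoded value, so a backend that generates SQL has to bind values or quote them for the target database itself.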
23 May 2022

ESB-2022.2502 - [SUSE] ImageMagick: CVSS (Max): 5.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2502
                       Security update for ImageMagick
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ImageMagick
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-28463
Original Bulletin:
   https://www.suse.com/support/update/announcement/2022/suse-su-20221762-1

Comment: CVSS (Max):  5.5 CVE-2022-28463 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:1762-1
Rating:            moderate
References:        #1197147 #1199350
Cross-References:  CVE-2022-28463
Affected Products:
                   SUSE Linux Enterprise Desktop 15-SP3
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                   SUSE Linux Enterprise Module for Development Tools 15-SP3
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Manager Proxy 4.2
                   SUSE Manager Server 4.2
                   openSUSE Leap 15.3
                   openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

o CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).

Bugfixes:

o Use png_get_eXIf_1 when available (bsc#1197147).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-1762=1
o openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-1762=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1762=1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1762=1

Package List:

o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.4 (x86_64):
  libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  ImageMagick-7.0.7.34-150200.10.26.1
  ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
  ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
  ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
  ImageMagick-debugsource-7.0.7.34-150200.10.26.1
  ImageMagick-devel-7.0.7.34-150200.10.26.1
  ImageMagick-extra-7.0.7.34-150200.10.26.1
  ImageMagick-extra-debuginfo-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
  libMagick++-devel-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
  perl-PerlMagick-7.0.7.34-150200.10.26.1
  perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (noarch):
  ImageMagick-doc-7.0.7.34-150200.10.26.1
o openSUSE Leap 15.3 (x86_64):
  ImageMagick-devel-32bit-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
  libMagick++-devel-32bit-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
  ImageMagick-debugsource-7.0.7.34-150200.10.26.1
  perl-PerlMagick-7.0.7.34-150200.10.26.1
  perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  ImageMagick-7.0.7.34-150200.10.26.1
  ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
  ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
  ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
  ImageMagick-debugsource-7.0.7.34-150200.10.26.1
  ImageMagick-devel-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
  libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
  libMagick++-devel-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
  libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1

References:

o https://www.suse.com/security/cve/CVE-2022-28463.html
o https://bugzilla.suse.com/1197147
o https://bugzilla.suse.com/1199350

- --------------------------END INCLUDED TEXT--------------------
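The SUSE description places the CVE-2022-28463 overflow in coders/cin.c, the reader for the Cineon format. On a host that converts untrusted uploads and cannot take the packages listed above immediately, the usual stopgap is a policy.xml rule that denies that coder. The following is an added example, not part of the bulletin or of ImageMagick: it checks a policy.xml for such a rule. Both policy documents are constructed for the example, and the coder name CIN is an assumption to confirm against the output of `convert -list format` on the host.

```python
"""Check an ImageMagick policy.xml for a rule that denies the CIN (Cineon) coder."""
import xml.etree.ElementTree as ET

# Constructed policy fragments for the example (not copied from any distribution).
# A coder-domain <policy> with rights="none" stops the named coder(s) from being
# used at all; the brace form lists several coder names in one rule.
POLICY_BEFORE = """<?xml version="1.0" encoding="UTF-8"?>
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}"/>
</policymap>
"""

# The same policy with a rule added for the coder implemented in coders/cin.c
# (the coder name CIN is an assumption to verify on the target host).
POLICY_AFTER = POLICY_BEFORE.replace(
    "</policymap>",
    '  <policy domain="coder" rights="none" pattern="CIN"/>\n</policymap>',
)


def denied_coders(policy_xml: str) -> set:
    """Upper-cased coder names that the policy denies outright (rights="none")."""
    root = ET.fromstring(policy_xml)
    denied = set()
    for rule in root.iter("policy"):
        if rule.get("domain") != "coder":
            continue
        # Only outright denials are counted; rules that merely drop "write"
        # still let the coder read input and are not a mitigation here.
        if rule.get("rights", "").strip().lower() != "none":
            continue
        pattern = rule.get("pattern", "").strip()
        if pattern.startswith("{") and pattern.endswith("}"):
            names = pattern[1:-1].split(",")   # "{PS,PDF}" form
        else:
            names = [pattern]                  # single name or "*"
        denied.update(n.strip().upper() for n in names if n.strip())
    return denied


def coder_is_denied(policy_xml: str, coder: str) -> bool:
    """True when the coder is blocked by name or by a deny-all ("*") rule."""
    denied = denied_coders(policy_xml)
    return "*" in denied or coder.upper() in denied


if __name__ == "__main__":
    for label, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        print(f"{label}: CIN denied = {coder_is_denied(policy, 'CIN')}")
```

Run the same check against the file that `convert -list policy` reports as active, since ImageMagick reads policy.xml from more than one location and only the effective one matters.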
23 May 2022

ESB-2022.2501 - [Debian] condor: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2501
                           condor security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           condor
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-26110 CVE-2019-18823
Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00112.html

Comment: CVSS (Max):  9.8 CVE-2019-18823 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5144-1                   security@debian.org
https://www.debian.org/security/                           Markus Koschany
May 22, 2022                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : condor
CVE ID         : CVE-2019-18823 CVE-2022-26110
Debian Bug     : 963777 1008634

Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to
use a different authentication method than the administrator has specified.
If the administrator has configured the READ or WRITE methods to include
CLAIMTOBE, then it is possible to impersonate another user and submit or
remove jobs.

For the oldstable distribution (buster), these problems have been fixed in
version 8.6.8~dfsg.1-2+deb10u1.

We recommend that you upgrade your condor packages.

For the detailed security status of condor please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/condor

Further information about Debian Security Advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKKmudfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQULhAAkWzFscqLmOmYG6ceWoRYpVGADM3iidhVRA0DPSPMMFuuKiSO6frXkA7u
fmP3JHIpdq8CnZ+dooPXRkjSeSYfKTtXzm3h9RBxafNWtdAy7ynKHvfax2OlhlP8
9RxLxiYsie2NXhB/L3lDvDpvGyoOlw6PER6ZVEUVsFAg7ryhUkmcrr+JFYM44/on
5KtfQbQ3hWSNMn6SMVvaAZBYeoAGaRfCMPpY4SxRlecL9PouW91+uXFUl9kH3As7
LJT3z8jxtOF/XY4u7gCsdXJINAxdc5M54yz8AwPvuDSWaTVtlUCchKY/Tg6+Upam
AA3TjoYZK/dqHP5/aSogyC7r/BEbe3EXWuSa+9s57XzTcL5Hs53d6jPYqc7t6m33
yXeDuJkxi55tHWvb6I3GmaKcN1R4Cq/J3sTlSMBoh3ixUPManfzhZT+drZJ22cKJ
wzcs1ZxnwDTKGDR4WGOSsrdbgc7cpzVEPC7T20XU+K0gjseRwu1sJQqs4v9mFuah
uxeXHpJlaaeh/ITzGolprST6jzSrZ78XtNTIBxLVi9MGXfRM9ezPhyL3y4wtYZHe
O3SS4xW4g4XKfMFErBnYmJR7TmH6bez3r7dMjAXfStVsUPsySkSKTu9Vp6csbbRw
8NuvpZl+/DPgwjMnizIvCYCE155fLQFY58eJBX5eGjlV/jrc4H8=
=qbdZ
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
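The Debian text makes the exposure conditional: impersonation needs CLAIMTOBE in the READ or WRITE authentication method list. Patching is the fix, but a pool administrator will also want to know which access levels currently admit CLAIMTOBE. The following is an added example, not part of the advisory or of HTCondor: it reads the SEC_<LEVEL>_AUTHENTICATION_METHODS knobs from a condor_config excerpt, falls back to SEC_DEFAULT_AUTHENTICATION_METHODS where a level has no setting of its own, and expands $(MACRO) references. The configuration text and the list of access levels it checks are constructed for the example; the real knob names are HTCondor's, the parser is a simplification of HTCondor's and does not handle includes or conditionals.

```python
"""Flag HTCondor access levels whose authentication method list admits CLAIMTOBE."""
import re

# Access levels checked here (a subset chosen for the example). HTCondor reads
# SEC_<LEVEL>_AUTHENTICATION_METHODS and, when unset, SEC_DEFAULT_AUTHENTICATION_METHODS.
LEVELS = ("READ", "WRITE", "ADMINISTRATOR", "DAEMON", "NEGOTIATOR", "CONFIG")

# Constructed condor_config excerpt for the example, not taken from any real pool.
SAMPLE_CONFIG = """
# security settings
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, PASSWORD
SEC_READ_AUTHENTICATION_METHODS  = FS, CLAIMTOBE, ANONYMOUS
SEC_WRITE_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), CLAIMTOBE
SEC_ADMINISTRATOR_AUTHENTICATION_METHODS = FS
"""

# The same excerpt with CLAIMTOBE removed from READ and WRITE.
HARDENED_CONFIG = SAMPLE_CONFIG.replace(", CLAIMTOBE", "")

_MACRO = re.compile(r"\$\((\w+)\)")


def parse_condor_config(text: str) -> dict:
    """Parse KEY = VALUE lines (keys are case-insensitive) and expand $(MACRO) references."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().upper()] = value.strip()
    # Expand macros that refer to other keys in this file; a few passes cover nesting.
    for _ in range(10):
        changed = False
        for key, value in list(cfg.items()):
            expanded = _MACRO.sub(lambda m: cfg.get(m.group(1).upper(), ""), value)
            if expanded != value:
                cfg[key] = expanded
                changed = True
        if not changed:
            break
    return cfg


def methods_for(cfg: dict, level: str) -> list:
    """Effective authentication methods for one access level, upper-cased."""
    raw = cfg.get(f"SEC_{level}_AUTHENTICATION_METHODS")
    if raw is None:
        raw = cfg.get("SEC_DEFAULT_AUTHENTICATION_METHODS", "")
    return [m.upper() for m in re.split(r"[,\s]+", raw) if m]


def claimtobe_levels(text: str) -> list:
    """Access levels whose effective method list contains CLAIMTOBE."""
    cfg = parse_condor_config(text)
    return [level for level in LEVELS if "CLAIMTOBE" in methods_for(cfg, level)]


if __name__ == "__main__":
    print("sample:  ", claimtobe_levels(SAMPLE_CONFIG))    # ['READ', 'WRITE']
    print("hardened:", claimtobe_levels(HARDENED_CONFIG))  # []
```

The WRITE line shows why macro expansion matters: CLAIMTOBE can arrive through an inherited default rather than a literal entry, so a plain grep for the token on the WRITE line alone would miss that case on a pool whose default list contained it.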
23 May 2022

ESB-2022.2500 - [Debian] firefox-esr: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2500
                         firefox-esr security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1802 CVE-2022-1529
Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00111.html

Comment: CVSS (Max):  7.5 CVE-2022-1802 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5143-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 22, 2022                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2022-1529 CVE-2022-1802

Manfred Paul discovered two security issues in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed in
version 91.9.1esr-1~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 91.9.1esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKKUtwACgkQEMKTtsN8
TjZjdQ//cEbDNLVLwRFBdNU2ZO61Rxb297FyD15T0W0YYq4FWV2aAiK7wS/c1X3D
WCqGLJxb+/XRhfVYRimvfL6NJv4tqCXt1hyWVJ0xtxtLrsCSvpcUYkaAQ/MI39Un
ESlr4VWMEsKL0uV47kBxchsR+fXoYkHnc3y9Wv7AMN2alJqz9EA7YlMji3p2mi9i
tD7v21O1QUt+cryO5aC1ktr9sIeB5Ol+oP9pQi7KBA1Bprf21JGaBT1G5GFVS7vi
4ye/1xTPdDLRNqI7XFaQbti6iJ/IA3ClYPZxZ7TR/emGYljqZ1JLJSkVc25CNQc/
cNPIElMxKolRTmusreG0Nsdu/TZllMfQw4pScvFanhnzoSvKCMRx0ECjAiKUhkdf
B/KkTN/rVyvlxeoWGCA92rhKRrfexMhzPLaBa8KffFqT6XD57LDZaczcjJNEPxZC
Wgp//rY5pMFYKfz4wUEXpEDVC/DjKjHQrNZkviHi/t4inrYLddtUQrkW2akz1eZh
WOBrqOQ/Mj3T+N2RhyG3NQqG/rcUSyNuu2k80rR0YdqNvty0KEMbL/GPxrIrWxzC
dpYsJ/m0Jv9SluiEu9/v3FsXi99jRbaEysP0noRIsTgXOpqu0r2EDLKsTRY3aI9f
64Krq9y+DJMzn5/w/MmA4d+UsM4YFdInSIlMWRHih28HKu3Hwjc=
=N6E0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
23 May 2022

ESB-2022.2499 - [Debian] libxml2: CVSS (Max): 6.5

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2499
                          libxml2 security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libxml2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29824
Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00110.html

Comment: CVSS (Max):  6.5 CVE-2022-29824 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5142-1                   security@debian.org
https://www.debian.org/security/                       Salvatore Bonaccorso
May 22, 2022                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2022-29824
Debian Bug     : 1010526

Felix Wilhelm reported that several buffer handling functions in libxml2,
a library providing support to read, modify and write XML and HTML files,
don't check for integer overflows, resulting in out-of-bounds memory
writes if specially crafted, multi-gigabyte XML files are processed. An
attacker can take advantage of this flaw for denial of service or
execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed
in version 2.9.4+dfsg1-7+deb10u4.

For the stable distribution (bullseye), this problem has been fixed in
version 2.9.10+dfsg-6.7+deb11u2.

We recommend that you upgrade your libxml2 packages.
For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

23 May 2022

ESB-2022.2498 - [Debian] libpgjava: CVSS (Max): 9.8

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2498
                         libpgjava security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libpgjava
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21724
Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html

Comment: CVSS (Max):  9.8 CVE-2022-21724 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3018-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
May 20, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libpgjava
Version        : 9.4.1212-1+deb9u1
CVE ID         : CVE-2022-21724

It was found that libpgjava, the official PostgreSQL JDBC Driver, would be
vulnerable if an attacker controlled jdbc url or properties. The JDBC
driver did not verify if certain classes implemented the expected
interface before instantiating the class. This can lead to code execution
loaded via arbitrary classes.

For Debian 9 stretch, this problem has been fixed in version
9.4.1212-1+deb9u1.

We recommend that you upgrade your libpgjava packages.
For the detailed security status of libpgjava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpgjava

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

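The check the libpgjava advisory describes, verifying that a class named in attacker-controllable connection properties actually implements the expected interface before it is instantiated, as an added Python illustration. This is not the driver's code (libpgjava is Java); the `SocketFactory` interface, the `PlainSocketFactory` implementation and the property names are constructed for the demo.

```python
"""Check a class named in connection properties before instantiating it.

Added Python illustration of the check the advisory describes; the real
driver (libpgjava) is Java, and the 'socketFactory' property and classes
below are constructed for the demo. A class name that arrives in a JDBC-style
URL or property set is attacker-controlled input, so the loader must prove
the resolved object is a concrete implementation of the expected interface
before calling its constructor.
"""
import importlib
import inspect
from abc import ABC, abstractmethod
from typing import Type


class SocketFactory(ABC):
    """Interface the 'socketFactory' property is expected to name."""

    @abstractmethod
    def create(self) -> str: ...


class PlainSocketFactory(SocketFactory):
    """A legitimate implementation that may be named in the property."""

    def create(self) -> str:
        return "plain"


def _resolve(dotted: str):
    """Import 'pkg.module.Name' and return the named attribute (or None)."""
    mod, _, attr = dotted.rpartition(".")
    if not mod or not attr:
        raise ValueError(f"not a dotted class name: {dotted!r}")
    return getattr(importlib.import_module(mod), attr, None)


def load_unchecked(dotted: str):
    """Vulnerable pattern: whatever the name resolves to is simply called,
    so any importable callable runs with the driver's privileges."""
    return _resolve(dotted)()


def load_checked(dotted: str, expected: Type):
    """Hardened pattern: resolve, then verify before the constructor runs."""
    obj = _resolve(dotted)
    if not inspect.isclass(obj):
        raise TypeError(f"{dotted} is not a class")
    if not issubclass(obj, expected) or inspect.isabstract(obj):
        raise TypeError(f"{dotted} is not a concrete {expected.__name__}")
    return obj()


def accepts(dotted: str) -> bool:
    """True if load_checked would instantiate *dotted* as a SocketFactory."""
    try:
        load_checked(dotted, SocketFactory)
        return True
    except (TypeError, ValueError, ImportError):
        return False


if __name__ == "__main__":
    here = __name__  # this module's name, used to address the demo classes
    for prop in (f"{here}.PlainSocketFactory", f"{here}.SocketFactory",
                 "collections.OrderedDict", "json.loads", "no_such_module.X"):
        print(prop, "->", "accepted" if accepts(prop) else "rejected")
```

Only the first name is accepted: the abstract interface itself, an unrelated class, a plain function and an unimportable name are all refused before any constructor runs. In a real driver an allowlist of permitted implementations on top of the interface check narrows the surface further.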
23 May 2022

ESB-2022.2497 - [Debian] rsyslog: CVSS (Max): 8.1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2497
                          rsyslog security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rsyslog
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-24903 CVE-2018-16881
Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html

Comment: CVSS (Max):  8.1 CVE-2022-24903 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3016-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 20, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : rsyslog
Version        : 8.24.0-1+deb9u2
CVE ID         : CVE-2018-16881 CVE-2022-24903
Debian Bug     : 1010619

Several vulnerabilities were discovered in rsyslog, a system and kernel
logging daemon. When a log server is configured to accept logs from
remote clients through specific modules such as 'imptcp', an attacker
can cause a denial of service (DoS) and possibly execute code on the
server.

CVE-2018-16881

    A denial of service vulnerability was found in rsyslog in the imptcp
    module. An attacker could send a specially crafted message to the
    imptcp socket, which would cause rsyslog to crash.

CVE-2022-24903

    Modules for TCP syslog reception have a potential heap buffer
    overflow when octet-counted framing is used. This can result in a
    segfault or some other malfunction.
For Debian 9 stretch, these problems have been fixed in version
8.24.0-1+deb9u2.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rsyslog

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

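The bounds check that octet-counted TCP syslog framing requires, the area CVE-2022-24903 concerns, as an added Python example. It is not rsyslog's code (rsyslog is C); the receive-buffer limit `MAX_MSG_LEN` and the sample frames are constructed for the demo, and the frame layout follows RFC 6587 octet counting (`<count> <message>`).

```python
"""Bounds-checked reader for octet-counted TCP syslog framing (RFC 6587).

Added illustration, not rsyslog code (rsyslog is written in C). A frame is
"<count> <message>", where <count> is the decimal length of <message>.
The receiver must validate <count> against its buffer size before it
copies any message bytes; MAX_MSG_LEN and the sample frames below are
constructed for this demo.
"""
from typing import List, Optional, Tuple

MAX_MSG_LEN = 8 * 1024                  # assumed receive-buffer capacity
MAX_LEN_DIGITS = len(str(MAX_MSG_LEN))  # longest count that could be valid


class FrameError(ValueError):
    """Malformed framing header or a count outside the accepted range."""


def parse_frame(buf: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Parse one frame from the front of *buf*.

    Returns (message, remaining) when a whole frame is present, None when
    more bytes are needed, and raises FrameError for bad input. The count
    is checked before any message byte is accepted, so a hostile count can
    never select a copy larger than MAX_MSG_LEN.
    """
    i = 0
    while i < len(buf) and 0x30 <= buf[i] <= 0x39:   # ASCII '0'..'9'
        i += 1
        if i > MAX_LEN_DIGITS:
            raise FrameError("octet count has too many digits")
    if i == len(buf):
        return None                      # header not terminated yet
    if i == 0 or buf[i:i + 1] != b" ":
        raise FrameError("expected '<digits> ' framing header")
    msg_len = int(buf[:i])
    if msg_len == 0 or msg_len > MAX_MSG_LEN:
        raise FrameError(f"octet count {msg_len} outside 1..{MAX_MSG_LEN}")
    start, end = i + 1, i + 1 + msg_len
    if len(buf) < end:
        return None                      # frame incomplete, keep buffering
    return buf[start:end], buf[end:]


def parse_stream(data: bytes) -> Tuple[List[bytes], bytes]:
    """Split a byte stream into complete messages; return the leftover tail."""
    messages: List[bytes] = []
    while True:
        parsed = parse_frame(data)
        if parsed is None:
            return messages, data
        msg, data = parsed
        messages.append(msg)


def classify(buf: bytes) -> str:
    """Label one input 'complete', 'incomplete' or 'rejected' (for the demo)."""
    try:
        return "incomplete" if parse_frame(buf) is None else "complete"
    except FrameError:
        return "rejected"


if __name__ == "__main__":
    # Constructed stream: two whole frames followed by the start of a third.
    stream = b"18 <13>1 host app: hi" + b"7 <34>abc" + b"5 <1>"
    msgs, rest = parse_stream(stream)
    print(msgs, rest)        # [b'<13>1 host app: hi', b'<34>abc'] b'5 <1>'
    for sample in (b"9999 x", b"999999999 x", b"abc"):
        print(sample, classify(sample))   # each rejected before any copy
```

The two limits do different jobs: `MAX_LEN_DIGITS` stops the digit loop from consuming an unbounded header, and the `msg_len` range check refuses any count the receive buffer could not hold, before the parser ever slices message bytes. A receiver that instead trusted the count and sized its copy from it is the pattern the advisory warns about.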
23 May 2022

ESB-2022.2496 - [Debian] ark: CVSS (Max): 3.3

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2496
                            ark security update
                                23 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ark
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24654 CVE-2020-16116
Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html

Comment: CVSS (Max):  3.3 CVE-2020-24654 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3015-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
May 20, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ark
Version        : 4:16.08.3-2+deb9u1
CVE ID         : CVE-2020-16116 CVE-2020-24654
Debian Bug     : 969437

Fabian Vogt and Dominik Penner discovered that the Ark archive manager did
not sanitize extraction paths, which could result in maliciously crafted
archives with symlinks writing outside the extraction directory.

For Debian 9 stretch, these problems have been fixed in version
4:16.08.3-2+deb9u1.

We recommend that you upgrade your ark packages.
For the detailed security status of ark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

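The extraction-path sanitisation the ark advisory refers to, as an added Python example rather than Ark's own code: each archive member's name, and for symlink members the link target resolved from the link's own directory, is checked lexically so that nothing can be written outside the extraction directory. The `Member` record and the archive listing are constructed for the demo; a real extractor would build them from tar or zip headers.

```python
"""Reject archive members that could write outside the extraction directory.

Added example, not Ark's own code. It applies the two lexical checks an
extractor needs against the flaw described above: a member name must not
climb out of the destination, and a symlink member's target, resolved
relative to the link's own directory, must not either. Member records are
constructed for the demo; a real extractor builds them from tar/zip headers.
"""
import posixpath
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Member:
    """Minimal archive entry: its path and, for symlinks, the link target."""
    name: str
    linkname: Optional[str] = None   # non-None marks a symlink member


def _escapes(rel: str) -> bool:
    """True if a normalised relative POSIX path climbs above its base."""
    return rel == ".." or rel.startswith("../")


def is_safe_member(member: Member) -> bool:
    """Return True only if extracting *member* stays inside the destination."""
    name = posixpath.normpath(member.name)
    # Check 1: absolute names and "../" escapes in the member path itself.
    if posixpath.isabs(name) or _escapes(name):
        return False
    if member.linkname is not None:
        # Check 2: the symlink target, resolved from the link's directory.
        # A later member written "through" such a link would land wherever
        # the target points, so the target must stay inside as well.
        if posixpath.isabs(member.linkname):
            return False
        resolved = posixpath.normpath(
            posixpath.join(posixpath.dirname(name), member.linkname))
        if _escapes(resolved):
            return False
    return True


def plan_extraction(members: List[Member]) -> Tuple[List[Member], List[Member]]:
    """Partition an archive's members into (accepted, rejected)."""
    accepted = [m for m in members if is_safe_member(m)]
    rejected = [m for m in members if not is_safe_member(m)]
    return accepted, rejected


if __name__ == "__main__":
    # Constructed archive listing mixing benign and escaping members.
    listing = [
        Member("docs/readme.txt"),
        Member("a/b/../c.txt"),
        Member("../outside.txt"),
        Member("/abs/path.txt"),
        Member("lnk", linkname="docs"),
        Member("lnk2", linkname="../outside"),
        Member("sub/lnk3", linkname="../docs"),
        Member("sub/lnk4", linkname="../../outside"),
    ]
    ok, bad = plan_extraction(listing)
    print("accept:", [m.name for m in ok])
    print("reject:", [m.name for m in bad])
```

These checks are lexical, which is enough for links the archive itself creates because every link is validated before any later member could be written through it. They do not cover symlinks that already exist in the destination on disk; an extractor should additionally refuse to follow pre-existing links when opening each output path (for example by resolving the real path before every write).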
20 May 2022

ESB-2022.2495 - [Appliance] Mitsubishi Electric MELSEC iQ-F Series: CVSS (Max): 8.6

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2495
       Advisory (icsa-22-139-01) Mitsubishi Electric MELSEC iQ-F Series
                                20 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mitsubishi Electric MELSEC iQ-F Series
Publisher:         ICS-CERT
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-25162 CVE-2022-25161
Original Bulletin:
   https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01

Comment: CVSS (Max):  8.6 CVE-2022-25161 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
         CVSS Source: ICS-CERT
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-22-139-01)

Mitsubishi Electric MELSEC iQ-F Series

Original release date: May 19, 2022

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of
this product is governed by the Traffic Light Protocol (TLP) marking in the
header. For more information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

  o CVSS v3 8.6
  o ATTENTION: Exploitable remotely/low attack complexity
  o Vendor: Mitsubishi Electric
  o Equipment: MELSEC iQ-F Series
  o Vulnerabilities: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause a
denial-of-service condition by sending specially crafted packets. A system
reset is required for recovery.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of the MELSEC iQ-F series, a CPU module, are affected:

  o MELSEC iQ-F FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: All versions
    prior to 1.270
  o MELSEC iQ-F FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS: All versions prior
    to 1.270
  o MELSEC iQ-F FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS: All
    versions prior to 1.270
  o MELSEC iQ-F FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS: All versions prior
    to 1.030

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

The affected product is vulnerable to a specially crafted packet, which may
allow an attacker to cause a denial-of-service condition where a system
reset is required for recovery.

CVE-2022-25161 has been assigned to this vulnerability. A CVSS v3 base score
of 8.6 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

3.2.2 IMPROPER INPUT VALIDATION CWE-20

The affected product is vulnerable to a specially crafted packet, which may
allow an attacker to cause a denial-of-service condition.

CVE-2022-25162 has been assigned to this vulnerability. A CVSS v3 base score
of 5.3 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Anton Dorfman of Positive Technologies reported these vulnerabilities to
Mitsubishi Electric.

4. MITIGATIONS

Mitsubishi Electric has provided the following mitigations or workarounds:

  o FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with Serial number 17X****
    or later update to v1.270 or later
  o FX5UC-xMy/z x=32,64,96, y=T,R, z=D,DSS with serial number 17X**** or
    later update to v1.270 or later
  o FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS update to v1.270 or
    later
  o FX5UJ-xMy/z x=24,40,60, y=T,R, z=ES,ESS update to v1.030 or later

Use a firewall or virtual private network to prevent unauthorized access
when Internet access is required.

Use firewalls or an IP filter function to restrict connections to these
products and prevent access from untrusted networks or hosts. For details
on the IP filter function, refer to 12.1 IP Filter Function in the MELSEC
iQ-F FX5 User's Manual (Ethernet Communication).

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended
practices on the ICS webpage on cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly
available on the ICS webpage on cisa.gov in the Technical Information
Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and
Mitigation Strategies.

Organizations observing any suspected malicious activity should follow
their established internal procedures and report their findings to CISA
for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can
help by choosing one of the links below to provide feedback about this
product.

- --------------------------END INCLUDED TEXT--------------------

20 May 2022

ESB-2022.2494 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM WebSphere Application Server: CVSS (Max): 5.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2494
   Security Bulletin: IBM WebSphere Application Server is vulnerable to
                         Spoofing (CVE-2022-22365)
                                 20 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   IBM i
                   Linux variants
                   Solaris
                   Windows
                   z/OS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-22365
Original Bulletin: https://www.ibm.com/support/pages/node/6587947

Comment: CVSS (Max):  5.6 CVE-2022-22365 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

--------------------------BEGIN INCLUDED TEXT--------------------

IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)

Document Information

Document number    : 6587947
Modified date      : 19 May 2022
Product            : WebSphere Application Server
Software version   : 7.0, 8.0, 8.5, 9.0
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Edition            : Advanced, Base, Developer, Enterprise, Express, Network Deployment, Single Server

Summary

IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy Web Application (AjaxProxy.war) is deployed. This has been addressed.

Vulnerability Details

CVEID: CVE-2022-22365
DESCRIPTION: IBM WebSphere Application Server, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
CVSS Base score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/220904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

+--------------------------------+----------+
|Affected Product(s)             |Version(s)|
+--------------------------------+----------+
|IBM WebSphere Application Server|9.0       |
+--------------------------------+----------+
|IBM WebSphere Application Server|8.5       |
+--------------------------------+----------+
|IBM WebSphere Application Server|8.0       |
+--------------------------------+----------+
|IBM WebSphere Application Server|7.0       |
+--------------------------------+----------+

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH44339.

For WebSphere Application Server traditional:

For V9.0.0.0 through 9.0.5.11:
  . Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH44339
  --OR--
  . Apply Fix Pack 9.0.5.13 or later (targeted availability 3Q2022).

For V8.5.0.0 through 8.5.5.21:
  . Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH44339
  --OR--
  . Apply Fix Pack 8.5.5.22 or later (targeted availability 3Q2022).

For V8.0.0.0 through 8.0.0.15:
  . Upgrade to 8.0.0.15 and then apply Interim Fix PH44339

For V7.0.0.0 through 7.0.0.45:
  . Upgrade to 7.0.0.45 and then apply Interim Fix PH44339

Additional interim fixes may be available and linked off the interim fix download page.

IBM WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Change History

19 May 2022: Initial Publication

--------------------------END INCLUDED TEXT--------------------
20 May 2022

ESB-2022.2493 - [Debian] thunderbird: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2493
                         thunderbird security update
                                 20 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29917 CVE-2022-29916 CVE-2022-29914 CVE-2022-29913
                   CVE-2022-29912 CVE-2022-29911 CVE-2022-29909 CVE-2022-1520
Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00109.html

Comment: CVSS (Max):  7.5 CVE-2022-29917 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-------------------------------------------------------------------------
Debian Security Advisory DSA-5141-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2022                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912
                 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed in version 1:91.9.0-1~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in version 1:91.9.0-1~deb11u1.

We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
20 May 2022

ESB-2022.2492 - [Debian] openldap: CVSS (Max): 9.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2492
                           openldap security update
                                 20 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openldap
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29155
Original Bulletin: https://lists.debian.org/debian-security-announce/2022/msg00108.html

Comment: CVSS (Max):  9.8 CVE-2022-29155 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-------------------------------------------------------------------------
Debian Security Advisory DSA-5140-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 19, 2022                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openldap
CVE ID         : CVE-2022-29155

Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during LDAP search operations when a specially crafted search filter is processed.

For the oldstable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u7.

For the stable distribution (bullseye), this problem has been fixed in version 2.4.57+dfsg-3+deb11u1.

We recommend that you upgrade your openldap packages.
For the detailed security status of openldap please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openldap

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
20 May 2022

ESB-2022.2491 - [Debian] elog: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.2491
                             elog security update
                                 20 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           elog
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8659
Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html

Comment: CVSS (Max):  7.5 CVE-2020-8659 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

-----------------------------------------------------------------------
Debian LTS Advisory DLA-3014-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Utkarsh Gupta
May 18, 2022                                  https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : elog
Version        : 3.1.2-1-1+deb9u1
CVE ID         : CVE-2020-8659

A vulnerability was reported in src:elog, a logbook system to manage notes through a Web interface. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition.

For Debian 9 stretch, this problem has been fixed in version 3.1.2-1-1+deb9u1.

We recommend that you upgrade your elog packages.
For the detailed security status of elog please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/elog

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------