CERT RSS


Security vulnerabilities in the thunderbird software package

Thu, 2020-07-16 15:40
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LRH


=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:2966-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2966
Issue date: 2020-07-16
CVE Names: CVE-2020-12418 CVE-2020-12419 CVE-2020-12420
CVE-2020-12421
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) – i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) – i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) – i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.10.0.

Security Fix(es):

* Mozilla: Information disclosure due to manipulated URL object
(CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server
(CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules
as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1853015 – CVE-2020-12418 Mozilla: Information disclosure due to manipulated URL object
1853016 – CVE-2020-12419 Mozilla: Use-after-free in nsGlobalWindowInner
1853017 – CVE-2020-12420 Mozilla: Use-After-Free when trying to connect to a STUN server
1853018 – CVE-2020-12421 Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-68.10.0-1.el6_10.src.rpm

i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm

x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-68.10.0-1.el6_10.src.rpm

i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm

ppc64:
thunderbird-68.10.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.ppc64.rpm

s390x:
thunderbird-68.10.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.s390x.rpm

x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-68.10.0-1.el6_10.src.rpm

i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm

x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12418
https://access.redhat.com/security/cve/CVE-2020-12419
https://access.redhat.com/security/cve/CVE-2020-12420
https://access.redhat.com/security/cve/CVE-2020-12421
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Security vulnerabilities in the sane-backends software package

Thu, 2020-07-16 15:39
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LRH


=====================================================================
Red Hat Security Advisory

Synopsis: Important: sane-backends security update
Advisory ID: RHSA-2020:2967-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2967
Issue date: 2020-07-16
CVE Names: CVE-2020-12861 CVE-2020-12865
=====================================================================

1. Summary:

An update for sane-backends is now available for Red Hat Enterprise Linux
8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE
application programming interface (API) provides standardized access to any
raster image scanner hardware (for example, flatbed scanners, hand-held
scanners, video and still cameras, and frame-grabbers).

Security Fix(es):

* sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
(CVE-2020-12861)

* sane-backends: Heap buffer overflow in esci2_img (CVE-2020-12865)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1850556 – CVE-2020-12861 sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
1850598 – CVE-2020-12865 sane-backends: Heap buffer overflow in esci2_img

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
sane-backends-1.0.27-19.el8_1.1.src.rpm

aarch64:
sane-backends-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-devel-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-libs-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm

noarch:
sane-backends-doc-1.0.27-19.el8_1.1.noarch.rpm

ppc64le:
sane-backends-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-devel-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-libs-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm

s390x:
sane-backends-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-devel-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-libs-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.s390x.rpm

x86_64:
sane-backends-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.i686.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-devel-1.0.27-19.el8_1.1.i686.rpm
sane-backends-devel-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-libs-1.0.27-19.el8_1.1.i686.rpm
sane-backends-libs-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12861
https://access.redhat.com/security/cve/CVE-2020-12865
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Update for macOS Catalina and macOS Mojave

Thu, 2020-07-16 15:39
  • OS details: WN7
  • Importance: IMP
  • Operating systems: M
  • Categories: APL


APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update
2020-004 Mojave, Security Update 2020-004 High Sierra

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra are now available and address the
following:

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro
Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab

Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly
enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero

CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-
Year Security Lab

CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment
variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher

Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360
BugCloud

Graphics Drivers
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9799: ABC Research s.r.o.

Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps

ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro

Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall

Mail
Available for: macOS Catalina 10.15.5
Impact: A remote attacker can cause a limited out-of-bounds write,
resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906

Messages
Available for: macOS Catalina 10.15.5
Impact: A user that is removed from an iMessage group could rejoin
the group
Description: An issue existed in the handling of iMessage tapbacks.
The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP
High School North (medium.com/@suryanshmansha)

Model I/O
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security

Security
Available for: macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9864: Alexander Holodny

Vim
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2019-20807: Guilherme de Almeida Suckevicz

Wi-Fi
Available for: macOS Catalina 10.15.5
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud
(bugcloud.360.cn)

Additional recognition

USB Audio
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Installation note:

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
https://support.apple.com/downloads/

Security vulnerability in the evolution software package

Thu, 2020-07-16 15:38
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LDE


-------------------------------------------------------------------------
Debian Security Advisory DSA-4725-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 15, 2020                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evolution-data-server
CVE ID : CVE-2020-14928

Damian Poddebniak and Fabian Ising discovered a response injection
vulnerability in Evolution data server, which could enable MITM
attacks.

For the stable distribution (buster), this problem has been fixed in
version 3.30.5-1+deb10u1.

We recommend that you upgrade your evolution-data-server packages.

For the detailed security status of evolution-data-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/evolution-data-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Security vulnerabilities in the snapd software package

Thu, 2020-07-16 15:38
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4424-1
July 15, 2020

snapd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

An intended access restriction in snapd could be bypassed by strict mode
snaps.

Software Description:
– snapd: Daemon and tooling that enable snap packages

Details:

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16
and Ubuntu Core 18 devices ran on every boot without restrictions. A
physical attacker could exploit this to craft cloud-init
user-data/meta-data via external media to perform arbitrary changes on
the device to bypass intended security mechanisms such as full disk
encryption. This issue did not affect traditional Ubuntu systems.
(CVE-2020-11933)

It was discovered that snapctl user-open allowed altering the
XDG_DATA_DIRS environment variable when calling the system xdg-open. A
malicious snap could exploit this to bypass intended access restrictions
to control how the host system xdg-open script opens the URL. This issue
did not affect Ubuntu Core systems. (CVE-2020-11934)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
snapd 2.45.1+20.04.2

Ubuntu 19.10:
snapd 2.45.1+19.10.2

Ubuntu 18.04 LTS:
snapd 2.45.1+18.04.2

Ubuntu 16.04 LTS:
snapd 2.45.1ubuntu0.2

In general, a standard system update will make all the necessary changes.
On Ubuntu, snapd will automatically refresh itself to snapd 2.45.2 which
is unaffected.

References:
https://usn.ubuntu.com/4424-1
CVE-2020-11933, CVE-2020-11934

Package Information:
https://launchpad.net/ubuntu/+source/snapd/2.45.1+20.04.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1+19.10.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1+18.04.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1ubuntu0.2


Vulnerabilities in multiple Cisco products

Thu, 2020-07-16 15:37
  • OS details: WN7
  • Importance: URG
  • Operating systems: L
  • Categories: CIS


Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-July-15.

The following PSIRT security advisories (5 Critical, 11 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability – SIR: Critical

2) Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability – SIR: Critical

3) Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability – SIR: Critical

4) Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability – SIR: Critical

5) Cisco Prime License Manager Privilege Escalation Vulnerability – SIR: Critical

6) Cisco SD-WAN vManage Software Command Injection Vulnerability – SIR: High

7) Cisco SD-WAN Solution Software Denial of Service Vulnerability – SIR: High

8) Cisco SD-WAN vManage Software Remote Code Execution Vulnerability – SIR: High

9) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability – SIR: High

10) Cisco SD-WAN vManage Software Directory Traversal Vulnerability – SIR: High

11) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability – SIR: High

12) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability – SIR: High

13) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability – SIR: High

14) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability – SIR: High

15) Cisco SD-WAN Solution Software Static Credentials Vulnerability – SIR: High

16) Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities – SIR: High

+--------------------------------------------------------------------

1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

CVE-2020-3323

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp

+--------------------------------------------------------------------

2) Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability

CVE-2020-3331

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb

+--------------------------------------------------------------------

3) Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability

CVE-2020-3330

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy

+--------------------------------------------------------------------

4) Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability

CVE-2020-3144

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ

+--------------------------------------------------------------------

5) Cisco Prime License Manager Privilege Escalation Vulnerability

CVE-2020-3140

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA

+--------------------------------------------------------------------

6) Cisco SD-WAN vManage Software Command Injection Vulnerability

CVE-2020-3388

SIR: High

CVSS Score v(3.0): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clibypvman-sKcLf2L

+--------------------------------------------------------------------

7) Cisco SD-WAN Solution Software Denial of Service Vulnerability

CVE-2020-3351

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

+--------------------------------------------------------------------

8) Cisco SD-WAN vManage Software Remote Code Execution Vulnerability

CVE-2020-3387

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P

+--------------------------------------------------------------------

9) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

CVE-2020-3385

SIR: High

CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV

+--------------------------------------------------------------------

10) Cisco SD-WAN vManage Software Directory Traversal Vulnerability

CVE-2020-3381

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg

+--------------------------------------------------------------------

11) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

CVE-2020-3369

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f

+--------------------------------------------------------------------

12) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability

CVE-2020-3358

SIR: High

CVSS Score v(3.1): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7

+--------------------------------------------------------------------

13) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability

CVE-2020-3357

SIR: High

CVSS Score v(3.1): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4

+--------------------------------------------------------------------

14) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability

CVE-2020-3332

SIR: High

CVSS Score v(3.0): 8.1

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy

+--------------------------------------------------------------------

15) Cisco SD-WAN Solution Software Static Credentials Vulnerability

CVE-2020-3180

SIR: High

CVSS Score v(3.0): 8.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj

+--------------------------------------------------------------------

16) Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities

CVE-2020-3145, CVE-2020-3146

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX


Update for Microsoft System Center

Thu, 2020-07-16 11:03
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461


Update for Microsoft Sharepoint

Thu, 2020-07-16 11:03
  • OS details: WN7
  • Importance: URG
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456

The post Update for Microsoft Sharepoint appeared first on CERT.hr.

Update for Microsoft Security Essentials

Thu, 2020-07-16 11:03
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461

The post Update for Microsoft Security Essentials appeared first on CERT.hr.

Security vulnerabilities in the Office for Mac software package

Thu, 2020-07-16 11:02
  • OS details: WN7
  • Importance: IMP
  • Operating systems: M
  • Categories: APL

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447

The post Security vulnerabilities in the Office for Mac software package appeared first on CERT.hr.

Update for Windows Defender

Thu, 2020-07-16 11:02
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461

The post Update for Windows Defender appeared first on CERT.hr.

Update for Microsoft Project

Thu, 2020-07-16 11:02
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449

The post Update for Microsoft Project appeared first on CERT.hr.

Update for Microsoft Windows

Thu, 2020-07-16 11:00
  • OS details: WN7
  • Importance: URG
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1085

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1249

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1267

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1330

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1333

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1336

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1344

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1347

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1351

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1352

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1353

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1354

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1356

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1357

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1358

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1359

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1360

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1361

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1362

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1363

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1364

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1365

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1366

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1367

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1368

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1369

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1370

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1371

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1372

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1386

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1387

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1388

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1389

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1390

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1391

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1392

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1394

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1395

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1396

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1397

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1398

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1399

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1402

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1404

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1405

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1406

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1408

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1411

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1413

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1414

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1415

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1418

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1420

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1422

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1423

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1424

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1425

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1426

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1427

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1428

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1429

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1430

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1431

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1434

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1437

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1441

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1457

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468

The post Update for Microsoft Windows appeared first on CERT.hr.

Update for Microsoft Lync server 2013

Thu, 2020-07-16 10:59
  • OS details: WN7
  • Importance: URG
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

The post Update for Microsoft Lync server 2013 appeared first on CERT.hr.

Update for TypeScript

Thu, 2020-07-16 10:58
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416

The post Update for TypeScript appeared first on CERT.hr.

Update for Forefront Endpoint Protection 2010

Thu, 2020-07-16 10:57
  • OS details: WN7
  • Importance: IMP
  • Operating systems: W
  • Categories: W08, WN7, WN8, W12, W10, W16, W19

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461

The post Update for Forefront Endpoint Protection 2010 appeared first on CERT.hr.

Security vulnerability in the file software package

Tue, 2020-07-07 15:22
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LRH

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Low: file security update
Advisory ID: RHSA-2020:2838-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2838
Issue date: 2020-07-07
CVE Names: CVE-2018-10360
=====================================================================

1. Summary:

An update for file is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) – aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) – aarch64, ppc64le, s390x

3. Description:

The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file types,
including Executable and Linkable Format (ELF) binary files, system
libraries, RPM packages, and different graphics formats.

Security Fix(es):

* file: out-of-bounds read via a crafted ELF file (CVE-2018-10360)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1590000 – CVE-2018-10360 file: out-of-bounds read via a crafted ELF file

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source:
file-5.11-35.el7_6.1.src.rpm

noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm

x86_64:
file-5.11-35.el7_6.1.x86_64.rpm
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-libs-5.11-35.el7_6.1.i686.rpm
file-libs-5.11-35.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64:
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-devel-5.11-35.el7_6.1.i686.rpm
file-devel-5.11-35.el7_6.1.x86_64.rpm
file-static-5.11-35.el7_6.1.i686.rpm
file-static-5.11-35.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
file-5.11-35.el7_6.1.src.rpm

noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm

ppc64:
file-5.11-35.el7_6.1.ppc64.rpm
file-debuginfo-5.11-35.el7_6.1.ppc.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64.rpm
file-libs-5.11-35.el7_6.1.ppc.rpm
file-libs-5.11-35.el7_6.1.ppc64.rpm

ppc64le:
file-5.11-35.el7_6.1.ppc64le.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-libs-5.11-35.el7_6.1.ppc64le.rpm

s390x:
file-5.11-35.el7_6.1.s390x.rpm
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-libs-5.11-35.el7_6.1.s390.rpm
file-libs-5.11-35.el7_6.1.s390x.rpm

x86_64:
file-5.11-35.el7_6.1.x86_64.rpm
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-libs-5.11-35.el7_6.1.i686.rpm
file-libs-5.11-35.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
file-5.11-35.el7_6.1.src.rpm

aarch64:
file-5.11-35.el7_6.1.aarch64.rpm
file-debuginfo-5.11-35.el7_6.1.aarch64.rpm
file-libs-5.11-35.el7_6.1.aarch64.rpm

noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm

ppc64le:
file-5.11-35.el7_6.1.ppc64le.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-libs-5.11-35.el7_6.1.ppc64le.rpm

s390x:
file-5.11-35.el7_6.1.s390x.rpm
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-libs-5.11-35.el7_6.1.s390.rpm
file-libs-5.11-35.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64:
file-debuginfo-5.11-35.el7_6.1.ppc.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64.rpm
file-devel-5.11-35.el7_6.1.ppc.rpm
file-devel-5.11-35.el7_6.1.ppc64.rpm
file-static-5.11-35.el7_6.1.ppc.rpm
file-static-5.11-35.el7_6.1.ppc64.rpm

ppc64le:
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-devel-5.11-35.el7_6.1.ppc64le.rpm
file-static-5.11-35.el7_6.1.ppc64le.rpm

s390x:
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-devel-5.11-35.el7_6.1.s390.rpm
file-devel-5.11-35.el7_6.1.s390x.rpm
file-static-5.11-35.el7_6.1.s390.rpm
file-static-5.11-35.el7_6.1.s390x.rpm

x86_64:
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-devel-5.11-35.el7_6.1.i686.rpm
file-devel-5.11-35.el7_6.1.x86_64.rpm
file-static-5.11-35.el7_6.1.i686.rpm
file-static-5.11-35.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
file-debuginfo-5.11-35.el7_6.1.aarch64.rpm
file-devel-5.11-35.el7_6.1.aarch64.rpm
file-static-5.11-35.el7_6.1.aarch64.rpm

ppc64le:
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-devel-5.11-35.el7_6.1.ppc64le.rpm
file-static-5.11-35.el7_6.1.ppc64le.rpm

s390x:
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-devel-5.11-35.el7_6.1.s390.rpm
file-devel-5.11-35.el7_6.1.s390x.rpm
file-static-5.11-35.el7_6.1.s390.rpm
file-static-5.11-35.el7_6.1.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-10360
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

The post Security vulnerability in the file software package appeared first on CERT.hr.
