CERT RSS
Sigurnosni nedostaci programskog paketa thunderbird
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LRH
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:2966-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2966
Issue date: 2020-07-16
CVE Names: CVE-2020-12418 CVE-2020-12419 CVE-2020-12420
CVE-2020-12421
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) – i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) – i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) – i386, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.10.0.
Security Fix(es):
* Mozilla: Information disclosure due to manipulated URL object
(CVE-2020-12418)
* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)
* Mozilla: Use-After-Free when trying to connect to a STUN server
(CVE-2020-12420)
* Mozilla: Add-On updates did not respect the same certificate trust rules
as software updates (CVE-2020-12421)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1853015 – CVE-2020-12418 Mozilla: Information disclosure due to manipulated URL object
1853016 – CVE-2020-12419 Mozilla: Use-after-free in nsGlobalWindowInner
1853017 – CVE-2020-12420 Mozilla: Use-After-Free when trying to connect to a STUN server
1853018 – CVE-2020-12421 Mozilla: Add-On updates did not respect the same certificate trust rules as software updates
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
thunderbird-68.10.0-1.el6_10.src.rpm
i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
thunderbird-68.10.0-1.el6_10.src.rpm
i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm
ppc64:
thunderbird-68.10.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.ppc64.rpm
s390x:
thunderbird-68.10.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.s390x.rpm
x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
thunderbird-68.10.0-1.el6_10.src.rpm
i386:
thunderbird-68.10.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.10.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.10.0-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12418
https://access.redhat.com/security/cve/CVE-2020-12419
https://access.redhat.com/security/cve/CVE-2020-12420
https://access.redhat.com/security/cve/CVE-2020-12421
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXxAD6tzjgjWX9erEAQgdfA/+NI92uVEITQvCmwzc6yd4dGO/pIaKhwXa
R7dNZZpdbdz4tPGvFGBAJygBdd3RTO0CDZa7IpDpVhRvTXGOc+iT+DLAOvsjynDj
4Sl5u0XBW3NEnCViJ0pLnXtFqNN77QFSJkC5YW6ThEwmp818YGOvm18pL48ZUQ5D
xrAj8jwWLgnXhe3Coq/v4gV4VjZ8jqDjjkiQsNCbFAZIuH14RCfr2WAtUaeOsJVj
Tp6mQx9P0hj9sHwYISg78bxawnVGuoEOvidV11BEsg5dZC51n+WdHB9Uy4I8Ykz9
li3IC0Q9AJBL6HDHotPBFSrIuVM62JnUUJGZfmUTq3wqB5cWGiod68XTYl3HIkLz
NHyDcHM5ZtMBVDnfKCXEOhDXqf4gOhH1hVwB5feI1xnih9niTVm+ZTvKoRMn5bYm
xx9ISnz1bjszjADEWKfg3dbeldMe4nA/F7GBG721LS1XOeTWQcoAnPGrPCRiz2dS
d7sYIucApYHYnMdD8Gs//USrA/93KuAng8Ru8kBACtWgROLamke3P6II1R8crKpz
Bxwy7qsIMkvfdZjWgPdn9q9G5hQ8ixeCr2JzMCueXOn6+EuW/OPJ9MDwxZRHfSOK
dgHMaBZeURN+36RoNozeXjARE+ohOy6ymAspEPG4NRuTsDLaTPpymi1pbZwdzwkc
Mj/hEuNtfa0=
=bFq2
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
The post Sigurnosni nedostaci programskog paketa thunderbird appeared first on CERT.hr.
Sigurnosni nedostaci programskog paketa sane-backends
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LRH
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sane-backends security update
Advisory ID: RHSA-2020:2967-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2967
Issue date: 2020-07-16
CVE Names: CVE-2020-12861 CVE-2020-12865
=====================================================================
1. Summary:
An update for sane-backends is now available for Red Hat Enterprise Linux
8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE
application programming interface (API) provides standardized access to any
raster image scanner hardware (for example, flatbed scanners, hand-held
scanners, video and still cameras, and frame-grabbers).
Security Fix(es):
* sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
(CVE-2020-12861)
* sane-backends: Heap buffer overflow in esci2_img (CVE-2020-12865)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1850556 – CVE-2020-12861 sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
1850598 – CVE-2020-12865 sane-backends: Heap buffer overflow in esci2_img
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
sane-backends-1.0.27-19.el8_1.1.src.rpm
aarch64:
sane-backends-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-devel-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-libs-1.0.27-19.el8_1.1.aarch64.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.aarch64.rpm
noarch:
sane-backends-doc-1.0.27-19.el8_1.1.noarch.rpm
ppc64le:
sane-backends-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-devel-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-libs-1.0.27-19.el8_1.1.ppc64le.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.ppc64le.rpm
s390x:
sane-backends-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-devel-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-libs-1.0.27-19.el8_1.1.s390x.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.s390x.rpm
x86_64:
sane-backends-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-daemon-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-daemon-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.i686.rpm
sane-backends-debugsource-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-devel-1.0.27-19.el8_1.1.i686.rpm
sane-backends-devel-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-cameras-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-scanners-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-libs-1.0.27-19.el8_1.1.i686.rpm
sane-backends-libs-1.0.27-19.el8_1.1.x86_64.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.i686.rpm
sane-backends-libs-debuginfo-1.0.27-19.el8_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12861
https://access.redhat.com/security/cve/CVE-2020-12865
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXxACRtzjgjWX9erEAQhLBg//QQkXdgQdICoN2MtyToPgUxzG74VEtgsR
Ba3NyDKMIPznSArqDxqLx89mrmPyY8Hc3HMX3gZTrIwzb6loAJFhjHG2Davn2V/O
PpvR8BK43A2LDQzCcnJhGyX6uFFWA/+zpYIOh1cVNklaUuIoYXEIOFDCPLkvVUjc
zGLeAQw2H5lOhvTvk/9BqzdUYLIMVzLnZ/EptfTOeByNYlNOsWI7LqtQSHParFot
+Ks1cFDFrGgwFT4vK3EFVoU46UQTX/wJvx6+dUxDsjGS5te17Kr969bkBuU+LIOz
0hGkwqRc7r6rzrGBAjpiJr2dMCj98bOmrk3CUl3shKxtZHab78ul6wDz0l0KUyNN
mTDANKGLOsVW48hSm9+mU5mEnXEeQEheYPCdryeR3bUCpP3MEYrktTPI9AHOMBNg
roeryv91CVlfpKsaYWAPHGocEV7i5NhGeGg9dDXIa6I3h3nogd6sWIAoYv8vcWvL
/CA2bqao33PVSnBMxqEb4yZEyGmEGaHWliLP7JvFkkvqvanTxhbSNShx+eCGs9H8
SqGV66+vl3XSThN5NV4UJc/JqDDFe7aYeYZ9gMzhp4vFHYmHCwzrQKR3WkZ44e4P
kVtavjXSqoCoM4B2lyuHj/nzHidxJHy2Z0G8FtRrqAT8hzz93KxlnTf1hr5lpFCC
gFql5B5nO9I=
=3sLe
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
The post Sigurnosni nedostaci programskog paketa sane-backends appeared first on CERT.hr.
Nadogradnja za macOS Catalina i macOS Mojave
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: M
- Kategorije: APL
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update
2020-004 Mojave, Security Update 2020-004 High Sierra
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra are now available and address the
following:
Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro
Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly
enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero
CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-
Year Security Lab
CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment
variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher
Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360
BugCloud
Grpahics Drivers
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9799: ABC Research s.r.o.
Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps
ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro
Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Mail
Available for: macOS Catalina 10.15.5
Impact: A remote attacker can cause a limited out-of-bounds write,
resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906
Messages
Available for: macOS Catalina 10.15.5
Impact: A user that is removed from an iMessage group could rejoin
the group
Description: An issue existed in the handling of iMessage tapbacks.
The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP
High School North (medium.com/@suryanshmansha)
Model I/O
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security
Security
Available for: macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9864: Alexander Holodny
Vim
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2019-20807: Guilherme de Almeida Suckevicz
Wi-Fi
Available for: macOS Catalina 10.15.5
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud
(bugcloud.360.cn)
Additional recognition
USB Audio
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Installation note:
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
https://support.apple.com/downloads/
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y
0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ
FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ
DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B
aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd
qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq
wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG
SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+
bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U
eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y
kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6
ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM=
=GCJp
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advinp%40cert.hr
This email sent to advinp@cert.hr
The post Nadogradnja za macOS Catalina i macOS Mojave appeared first on CERT.hr.
Sigurnosni nedostatak programskog paketa evolution
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LDE
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-4725-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 15, 2020 https://www.debian.org/security/faq
– ————————————————————————-
Package : evolution-data-server
CVE ID : CVE-2020-14928
Damian Poddebniak and Fabian Ising discovered a response injection
vulnerability in Evolution data server, which could enable MITM
attacks.
For the stable distribution (buster), this problem has been fixed in
version 3.30.5-1+deb10u1.
We recommend that you upgrade your evolution-data-server packages.
For the detailed security status of evolution-data-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/evolution-data-server
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKsACgkQEMKTtsN8
TjYLmg//WHM79x5dSymzSA2l/jUKxEdmTZlo9w64qXj9dR+8rsVfTZb9UgyMLPn2
0+U8xc6Yby3VBxv+6VyEnS1ToMvrpVKrjIBikMFPKbfnXfZGKkulB3hxRZDshJNA
bkgAtAnZsrjPj4aMKkRByq7lJ53NvfS18J+21NP1G7QNxx6lvL2tvlOCqv+VYqaW
NPVtJa7rF7GHWzk87rsAD4aKyrYlAPmtgB4yJIbI+bqWgObZG8Kra1uLkWe96Cgc
Abi0G8xz0K8FXVOSnwJkphWsVp+YaITOhVnb/D3C3j3e6UX3H5OXDMrmodQrX1eE
ZRNHWr2XjL3WWaOIeWYXr8CLwecE/kqtDCuSg2/RVL9QbIlXuOM3+uWwlSpWo5S+
gLjnKgamnnYaqZ1hv9YT+aCdI8HoFPSNeFq+esJyZ/rVnDKK9WwUr+20wDo8Oian
GXtffEGjOnEPc2JiI1OSDwbeSR5vHD4m+L6/1IX/QI7jpu6MoGlgBxcq0lyuXRnN
dg/U9nkFoG+QaJbLt34tLG/DV+c6mZrCOVYvrOuVuD3YqM7uJBmQ7XGlGJfU7PsU
G+3FiOLmBt6M5FhEhphXV0S9Oh1PkNaBR/8MMJJjPACk4nMsrAyZoyqc50b5ehzH
/w/ctYugXMHdoZVmC4HX6e7vKJYFNqsp/q4IKI+l7MA30qHNawU=
=ZEAL
—–END PGP SIGNATURE—–
The post Sigurnosni nedostatak programskog paketa evolution appeared first on CERT.hr.
Sigurnosni nedostaci programskog paketa snapd
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4424-1
July 15, 2020
snapd vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
An intended access restriction in snapd could be bypassed by strict mode
snaps.
Software Description:
– snapd: Daemon and tooling that enable snap packages
Details:
It was discovered that cloud-init as managed by snapd on Ubuntu Core 16
and Ubuntu Core 18 devices ran on every boot without restrictions. A
physical attacker could exploit this to craft cloud-init
user-data/meta-data via external media to perform arbitrary changes on
the device to bypass intended security mechanisms such as full disk
encryption. This issue did not affect traditional Ubuntu systems.
(CVE-2020-11933)
It was discovered that snapctl user-open allowed altering the
XDG_DATA_DIRS environment variable when calling the system xdg-open. A
malicious snap could exploit this to bypass intended access restrictions
to control how the host system xdg-open script opens the URL. This issue
did not affect Ubuntu Core systems. (CVE-2020-11934)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
snapd 2.45.1+20.04.2
Ubuntu 19.10:
snapd 2.45.1+19.10.2
Ubuntu 18.04 LTS:
snapd 2.45.1+18.04.2
Ubuntu 16.04 LTS:
snapd 2.45.1ubuntu0.2
In general, a standard system update will make all the necessary changes.
On Ubuntu, snapd will automatically refresh itself to snapd 2.45.2 which
is unaffected.
References:
https://usn.ubuntu.com/4424-1
CVE-2020-11933, CVE-2020-11934
Package Information:
https://launchpad.net/ubuntu/+source/snapd/2.45.1+20.04.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1+19.10.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1+18.04.2
https://launchpad.net/ubuntu/+source/snapd/2.45.1ubuntu0.2
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl8PSN4ACgkQW+PTAFZK
yRgjJg//Wmr/AqJ8osp0f3K/XRbrRWcTQiBl7X3qVUB8YZwJ68UcD3J5V5PikeOC
GIy8zbR8o6cCHemyZUEJNY0aAkxSkf4A2B8KQhdWD1HWaVhVY/3TkbS5k2OL8CZ2
MJ551XinyDFQCEtUPBINu9dVEkML9G7V9NUwyScaebnote/uwAhW3NTvfwLQ2a7V
7BfBk7KNxg2hmea5nacyQXuIWE6e3m9Y3AG5ZTqfAtRR0NL6JxueZ5pYD/qsFp/Q
unp2tmAjuYiYCa1YCUuO7EcNRI16GPJL9Z7g5zIc+vPuKGVbaIkSJFmRVLaRtSVj
+K14zyaZGaXECQde8Hccu17SBgODQhxzeAEtz09804b0Bv7Ng4JbSGljQr7dHczF
wGTgnFUsfgm5mHZRl6bPRI7kRWQ09sA5WCWNO7FxD7iDXDsR0xH2LwRDNNnb1tzD
tMn9zlYrR1YRwKtVy5e0wzChc6pnaSMcmXpDqzvPSEYXsaz947hAV3XZKlYrZ1Fr
h9nu1FHtj69POWUkaMW8rcQiKKvYGMGhegvVtZ2uubJlsWIIA5+3upkAKJNLlBTo
2wIMg/YONyyfQsxwBdcnGC5ZNS44nBsGpxW2THwT1JuRbSisYB4MShsAWYmPhUtR
squehvF8juiilLXrBpw09sSdACIPjY/gG7twzcYufsh+/tC5jpo=
=AxQj
—–END PGP SIGNATURE—–
—
The post Sigurnosni nedostaci programskog paketa snapd appeared first on CERT.hr.
Ranjivosti više Cisco proizvoda
- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-July-15.
The following PSIRT security advisories (5 Critical, 11 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability – SIR: Critical
2) Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability – SIR: Critical
3) Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability – SIR: Critical
4) Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability – SIR: Critical
5) Cisco Prime License Manager Privilege Escalation Vulnerability – SIR: Critical
6) Cisco SD-WAN vManage Software Command Injection Vulnerability – SIR: High
7) Cisco SD-WAN Solution Software Denial of Service Vulnerability – SIR: High
8) Cisco SD-WAN vManage Software Remote Code Execution Vulnerability – SIR: High
9) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability – SIR: High
10) Cisco SD-WAN vManage Software Directory Traversal Vulnerability – SIR: High
11) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability – SIR: High
12) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability – SIR: High
13) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability – SIR: High
14) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability – SIR: High
15) Cisco SD-WAN Solution Software Static Credentials Vulnerability – SIR: High
16) Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities – SIR: High
+——————————————————————–
1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
CVE-2020-3323
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp”]
+——————————————————————–
2) Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability
CVE-2020-3331
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb”]
+——————————————————————–
3) Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
CVE-2020-3330
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy”]
+——————————————————————–
4) Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability
CVE-2020-3144
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ”]
+——————————————————————–
5) Cisco Prime License Manager Privilege Escalation Vulnerability
CVE-2020-3140
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA”]
+——————————————————————–
6) Cisco SD-WAN vManage Software Command Injection Vulnerability
CVE-2020-3388
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clibypvman-sKcLf2L [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clibypvman-sKcLf2L”]
+——————————————————————–
7) Cisco SD-WAN Solution Software Denial of Service Vulnerability
CVE-2020-3351
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB”]
+——————————————————————–
8) Cisco SD-WAN vManage Software Remote Code Execution Vulnerability
CVE-2020-3387
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P”]
+——————————————————————–
9) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
CVE-2020-3385
SIR: High
CVSS Score v(3.0): 7.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV”]
+——————————————————————–
10) Cisco SD-WAN vManage Software Directory Traversal Vulnerability
CVE-2020-3381
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg”]
+——————————————————————–
11) Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
CVE-2020-3369
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f”]
+——————————————————————–
12) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability
CVE-2020-3358
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7”]
+——————————————————————–
13) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability
CVE-2020-3357
SIR: High
CVSS Score v(3.1): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4”]
+——————————————————————–
14) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability
CVE-2020-3332
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy”]
+——————————————————————–
15) Cisco SD-WAN Solution Software Static Credentials Vulnerability
CVE-2020-3180
SIR: High
CVSS Score v(3.0): 8.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj”]
+——————————————————————–
16) Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities
CVE-2020-3145, CVE-2020-3146
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX”]
—–BEGIN PGP SIGNATURE—–
iQKDBAEBAgBtBQJfDyiVZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFegCND/kBZ1uXA9OFYJTl
NHRxwpNkfWP7CjjzDjO2LlIHjwEZXgrbILaJtXbquku9uz077tyBJrnqDqepDBYH
ZG3L43XLf8d4KjlWYVbbEfgDzOnbbztZTsTbpIjsPrdWBbWN2rouSDpNy9TxCpjU
o5m0V5Bw6rYOVwxU08S5sASTnC4ZIYTcdos7BSgc8NeoMveXyxxJYMd9a7ujRhFT
kS8CdqOFLm2M8QEJ9wYtsdLRqx9GAosJr4OSNHdl81op0A+yB0GTk5mLl9+qS5Nu
F6MvwWX3VJ7HS3lMmBneFvO1Wl+pSwpRfa76Jky1FrK/WTfbrCvpBngwVWWXQJQY
BfUCkvDYtiNHIxpfGecx6DDe+DFajG//Yry/flvGt40FHz+Mq3S7yTj/oWxcq3fI
cNbxUb1dfygIPCusEOnXSPjRrIl5CdFYUooGuY537B8IdPkv00sOU05Vm2cfThKE
wZR8gVMpP7ChnVub+lwSftkqIFxPBcbxEXZKdyt48duXLLsSd68N21/Ap84p7mzO
W4xUrYZZhXUPPdtR7V7pcjLuP68qFP1gWFV4T21CKN52EUpA8sAgWg6XXqjOq8tR
QHfqPlP3SKhPglaiH8rcA4bNDTfudcGY1VXyHoq74qqybDqHyIoJD998Xi17j2sa
9BB9N7wgMg0h7sibrh+jVoctTgIJbA==
=B648
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
The post Ranjivosti više Cisco proizvoda appeared first on CERT.hr.
Nadogradnja za Microsoft System Center
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461
The post Nadogradnja za Microsoft System Center appeared first on CERT.hr.
Nadogradnja za Microsoft Sharepoint
- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456
The post Nadogradnja za Microsoft Sharepoint appeared first on CERT.hr.
Nadogradnja za Microsoft Security Essentials
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461
The post Nadogradnja za Microsoft Security Essentials appeared first on CERT.hr.
Sigurnosni nedostaci programskog paketa Office for Mac
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: M
- Kategorije: APL
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
The post Sigurnosni nedostaci programskog paketa Office for Mac appeared first on CERT.hr.
Nadogradnja za Windows Defender
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461
The post Nadogradnja za Windows Defender appeared first on CERT.hr.
Nadogradnja za Microsoft Project
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449
The post Nadogradnja za Microsoft Project appeared first on CERT.hr.
Nadogradnja za Microsoft Windows
- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1085
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1249
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1267
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1330
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1333
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1336
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1344
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1347
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1351
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1352
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1353
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1354
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1356
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1357
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1358
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1359
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1360
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1361
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1362
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1363
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1364
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1365
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1366
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1367
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1368
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1369
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1370
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1371
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1372
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1386
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1387
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1388
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1389
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1390
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1391
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1392
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1394
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1395
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1396
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1397
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1398
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1399
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1402
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1404
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1405
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1406
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1408
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1411
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1413
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1414
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1415
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1418
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1420
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1422
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1423
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1424
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1426
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1427
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1428
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1429
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1430
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1431
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1434
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1437
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1441
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1457
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468
The post Nadogradnja za Microsoft Windows appeared first on CERT.hr.
Nadogradnja za Microsoft Lync server 2013
- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
The post Nadogradnja za Microsoft Lync server 2013 appeared first on CERT.hr.
Nadogradnja za TypeScript
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416
The post Nadogradnja za TypeScript appeared first on CERT.hr.
Nadogradnja za Forefront Endpoint Protection 2010
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: W
- Kategorije: W08, WN7, WN8, W12, W10, W16, W19
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461
The post Nadogradnja za Forefront Endpoint Protection 2010 appeared first on CERT.hr.
Sigurnosni nedostatak programskog paketa file
- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LRH
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Low: file security update
Advisory ID: RHSA-2020:2838-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2838
Issue date: 2020-07-07
CVE Names: CVE-2018-10360
=====================================================================
1. Summary:
An update for file is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) – aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) – aarch64, ppc64le, s390x
3. Description:
The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file types,
including Executable and Linkable Format (ELF) binary files, system
libraries, RPM packages, and different graphics formats.
Security Fix(es):
* file: out-of-bounds read via a crafted ELF file (CVE-2018-10360)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1590000 – CVE-2018-10360 file: out-of-bounds read via a crafted ELF file
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
file-5.11-35.el7_6.1.src.rpm
noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm
x86_64:
file-5.11-35.el7_6.1.x86_64.rpm
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-libs-5.11-35.el7_6.1.i686.rpm
file-libs-5.11-35.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64:
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-devel-5.11-35.el7_6.1.i686.rpm
file-devel-5.11-35.el7_6.1.x86_64.rpm
file-static-5.11-35.el7_6.1.i686.rpm
file-static-5.11-35.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
file-5.11-35.el7_6.1.src.rpm
noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm
ppc64:
file-5.11-35.el7_6.1.ppc64.rpm
file-debuginfo-5.11-35.el7_6.1.ppc.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64.rpm
file-libs-5.11-35.el7_6.1.ppc.rpm
file-libs-5.11-35.el7_6.1.ppc64.rpm
ppc64le:
file-5.11-35.el7_6.1.ppc64le.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-libs-5.11-35.el7_6.1.ppc64le.rpm
s390x:
file-5.11-35.el7_6.1.s390x.rpm
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-libs-5.11-35.el7_6.1.s390.rpm
file-libs-5.11-35.el7_6.1.s390x.rpm
x86_64:
file-5.11-35.el7_6.1.x86_64.rpm
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-libs-5.11-35.el7_6.1.i686.rpm
file-libs-5.11-35.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
file-5.11-35.el7_6.1.src.rpm
aarch64:
file-5.11-35.el7_6.1.aarch64.rpm
file-debuginfo-5.11-35.el7_6.1.aarch64.rpm
file-libs-5.11-35.el7_6.1.aarch64.rpm
noarch:
python-magic-5.11-35.el7_6.1.noarch.rpm
ppc64le:
file-5.11-35.el7_6.1.ppc64le.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-libs-5.11-35.el7_6.1.ppc64le.rpm
s390x:
file-5.11-35.el7_6.1.s390x.rpm
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-libs-5.11-35.el7_6.1.s390.rpm
file-libs-5.11-35.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64:
file-debuginfo-5.11-35.el7_6.1.ppc.rpm
file-debuginfo-5.11-35.el7_6.1.ppc64.rpm
file-devel-5.11-35.el7_6.1.ppc.rpm
file-devel-5.11-35.el7_6.1.ppc64.rpm
file-static-5.11-35.el7_6.1.ppc.rpm
file-static-5.11-35.el7_6.1.ppc64.rpm
ppc64le:
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-devel-5.11-35.el7_6.1.ppc64le.rpm
file-static-5.11-35.el7_6.1.ppc64le.rpm
s390x:
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-devel-5.11-35.el7_6.1.s390.rpm
file-devel-5.11-35.el7_6.1.s390x.rpm
file-static-5.11-35.el7_6.1.s390.rpm
file-static-5.11-35.el7_6.1.s390x.rpm
x86_64:
file-debuginfo-5.11-35.el7_6.1.i686.rpm
file-debuginfo-5.11-35.el7_6.1.x86_64.rpm
file-devel-5.11-35.el7_6.1.i686.rpm
file-devel-5.11-35.el7_6.1.x86_64.rpm
file-static-5.11-35.el7_6.1.i686.rpm
file-static-5.11-35.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64:
file-debuginfo-5.11-35.el7_6.1.aarch64.rpm
file-devel-5.11-35.el7_6.1.aarch64.rpm
file-static-5.11-35.el7_6.1.aarch64.rpm
ppc64le:
file-debuginfo-5.11-35.el7_6.1.ppc64le.rpm
file-devel-5.11-35.el7_6.1.ppc64le.rpm
file-static-5.11-35.el7_6.1.ppc64le.rpm
s390x:
file-debuginfo-5.11-35.el7_6.1.s390.rpm
file-debuginfo-5.11-35.el7_6.1.s390x.rpm
file-devel-5.11-35.el7_6.1.s390.rpm
file-devel-5.11-35.el7_6.1.s390x.rpm
file-static-5.11-35.el7_6.1.s390.rpm
file-static-5.11-35.el7_6.1.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-10360
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXwRNYNzjgjWX9erEAQgLixAAoMfaThaU1PnaQbMB8PzCUHCGclpashCN
YNEOdttu0HQlDy5AW1S18Z4yjP1l/JnUWNLrvGTzHFaiiUvOWgzg3Df/R8WNkkQT
+MvDkrhkDO7FSvtmVZ7NvYJNALhZdBdpIIXlSFCUzGdNYEjUVwphjI9AFqKC3x2T
zifk4TfQ4zkd1RFdvqvoj0S24RBPC8BYPGeAsUb4Sys77Qh2Qb5Vl4mi3tUFUNNy
IMox/yewQwTtKVfIpZW0fMfxZwquSu9aV798xIAKYZwilEdZtEncbA7KWjEiZzx7
Q4b/NKAJZseHw10GcYULM4Q1k+ZIQC1zayPRsh1HqAmGRP9GUd3H95DMliFaRl1G
bR54OwZbbaJBQ9XTTS1yIxK4OK1fxeo28ZqZdMCsbVmSMKi9amCqTon4X+0/+pUZ
nWh0bewWigMLnOr5xLdCAp6/QA9AC4IsW5tu0oTMO82jgqSNQiVsdtu4FYdgjZxm
lW81CXMW0SUdISTf9rCRex4J/7xqVT/cbcZrbG7dzFKzjp1EyzlfiWbRo+Sl8z5X
+75yF5b3L86qG21c8/7vO56WVt+bMJz2vc8eoT9nZaEagUw/mXZeXCYbuAfd31G5
WjHYgnP7DwhNKmxAASoBcBjyWNeMz0nxzPUQl0HEWbHFR+S9RX+mzQVk0JZwyXme
K4ZvI8Lbha0=
=PL2r
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
The post Sigurnosni nedostatak programskog paketa file appeared first on CERT.hr.