INFOSEC | USERSPACE-Linux Aggregate Info

OS: Arch

ArchLinux: 202107-66: jre-openjdk: multiple issues

The package jre-openjdk before version 16.0.2.u7-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

ArchLinux: 202107-65: jre-openjdk-headless: multiple issues

The package jre-openjdk-headless before version 16.0.2.u7-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

ArchLinux: 202107-64: lib32-libcurl-gnutls: multiple issues

The package lib32-libcurl-gnutls before version 7.78.0-1 is vulnerable to multiple issues including information disclosure and insufficient validation.

ArchLinux: 202107-63: libcurl-gnutls: multiple issues

The package libcurl-gnutls before version 7.78.0-1 is vulnerable to multiple issues including information disclosure and insufficient validation.

OS: Debian

Debian: DSA-4943-1: lemonldap-ng security update

Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured

Debian: DSA-4942-1: systemd security update

The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system.

Debian: DSA-4941-1: linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian: DSA-4940-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (buster), these problems have been fixed in

Exploit-DB.com

[webapps] ElasticSearch 7.13.3 - Memory disclosure
ElasticSearch 7.13.3 - Memory disclosure

[webapps] WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)

[webapps] Microsoft SharePoint Server 2019 - Remote Code Execution (2)
Microsoft SharePoint Server 2019 - Remote Code Execution (2)

[remote] KevinLAB BEMS 1.0 - Undocumented Backdoor Account
KevinLAB BEMS 1.0 - Undocumented Backdoor Account

OS: Debian LTS

Debian LTS: DLA-2719-1: ruby-actionpack-page-caching security update

ooooooo_q discovered that the actionpack_page-caching Ruby gem, a static page caching module for Rails, allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

Debian LTS: DLA-2716-1: pillow security update

Several vulnerabilities have been discovered in pillow (Python Imaging Library - PIL). Affected binary packages:

Debian LTS: DLA-2713-2: linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian LTS: DLA-2714-1: linux-4.19 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

OS: Scientific

SciLinux: SLSA-2021-2741-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 78.12.0 ESR. * Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970) * Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976) * chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and [More...]

SciLinux: SLSA-2021-2683-1 Important: xstream on SL7.x (noarch)

XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 noarch - xstream-1.3.1-14.el7_9.noarch.rpm - xstream-javadoc-1.3.1-14.el7_9.noarch.rpm - Scientific Linux Development Team

SciLinux: SLSA-2021-2658-1 Important: linuxptp on SL7.x x86_64

linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - linuxptp-2.0-2.el7_9.1.x86_64.rpm - linuxptp-debuginfo-2.0-2.el7_9.1.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2021-2314-1 Important: kernel on SL7.x x86_64

kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648) * kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363) * kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE [More...]

OS: CentOS

CentOS: CESA-2021-2784: Important CentOS 7 java-11-openjdk

Upstream details at : https://access.redhat.com/errata/RHSA-2021:2784

CentOS: CESA-2021-2725: Important CentOS 7 kernel

Upstream details at : https://access.redhat.com/errata/RHSA-2021:2725

CentOS: CESA-2021-2741: Important CentOS 7 firefox

Upstream details at : https://access.redhat.com/errata/RHSA-2021:2741

CentOS: CESA-2021-2683: Important CentOS 7 xstream

Upstream details at : https://access.redhat.com/errata/RHSA-2021:2683

NIST Vulnerability Database

CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.

CVE-2021-32686
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.

CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests, or backend services, but it could be used to shut down or drain Envoy, change traffic routing, or to retrieve secret metadata, as mentioned above. The issue will be addressed in Contour v1.18.0 and a cherry-picked patch release, v1.17.1, has been released to cover users who cannot upgrade at this time. For more details refer to the linked GitHub Security Advisory.

CVE-2021-3169
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

OS: Redhat

RedHat: RHSA-2021-2866:01 Low: RHV Engine and Host Common Packages security

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2021-2865:01 Moderate: RHV Manager (ovirt-engine) security

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2021-2736:01 Important: Red Hat Virtualization Host security

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2021-2779:01 Important: OpenJDK 11.0.12 Security Update for

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

OS: Fedora

Fedora 33: podman 2021-0c53d8738d

Security fix for CVE-2021-3602 bump podman to v3.2.3 include podman-machine- cni in podman-plugins subpackage bump crun to 0.20.1 ---- Fix `secrets` definition in /usr/share/containers/containers.conf

Fedora 33: skopeo 2021-0c53d8738d

Fedora 33: containers-common 2021-0c53d8738d

Fedora 33: crun 2021-0c53d8738d

OS: Mageia

Mageia 2021-0367: kernel-linus security update

This kernel-linus update is based on upstream 5.10.52 and fixes atleast the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root (CVE-2021-3609).

Mageia 2021-0366: kernel security update

This kernel update is based on upstream 5.10.52 and fixes atleast the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root (CVE-2021-3609).

Mageia 2021-0365: systemd security update

This systemd update provides the v246.15 maintenance release and fixes atleast the following security issues: An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running

Mageia 2021-0364: wireshark security update

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file (CVE-2021-22235). References:

OS: Gentoo

Gentoo: GLSA-202107-55: SDL 2: Multiple vulnerabilities

Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-54: libyang: Multiple vulnerabilities

Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-53: Leptonica: Multiple vulnerabilities

Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-52: Apache Velocity: Multiple vulnerabilities

Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code.

OS: Suse

SUSE: 2021:600-1 suse-sles-15-sp2-chost-byos-v20210722-gen2 Security Update

The container suse-sles-15-sp2-chost-byos-v20210722-gen2 was updated. The following patches have been included in this update:

SUSE: 2021:599-1 sles-15-sp2-chost-byos-v20210722 Security Update

The container sles-15-sp2-chost-byos-v20210722 was updated. The following patches have been included in this update:

SUSE: 2021:598-1 suse-sles-15-sp2-chost-byos-v20210722-hvm-ssd-x86_64 Security Update

The container suse-sles-15-sp2-chost-byos-v20210722-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

SUSE: 2021:274-1 ses/7/rook/ceph Security Update

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

NIST Vulnerability Database

CVE-2021-3169
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

CVEMAP.ORG: Vulnerabilities & Exposures

Low CVE-2021-2335: Oracle Database
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).

Medium CVE-2021-2362: Oracle Field service
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Low CVE-2021-2367: Netapp Oncommand insight
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Low CVE-2021-2358: Oracle Access manager
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

OS: Slackware

Slackware: 2021-202-02: curl Security Update

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Slackware: 2021-202-01: Slackware 14.2 kernel Security Update

New kernel packages are available for Slackware 14.2 to fix a security issue.

Slackware: 2021-158-02: polkit Security Update

New polkit packages are available for Slackware 14.2 and -current to fix a security issue.

Slackware: 2021-158-01: httpd Security Update

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.