Category Archives: Advisories

Post Title

Read Time:1 Minute, 2 Second

Multiple vulnerabilities have been discovered in F5Networks products, the most severe of which could result in arbitrary code execution.

BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions.
Traffix SDC is a product that provides load balancing and gateway connectivity.
Big-IQ Centralized Management tracks assets and manages policies for BIG-IP products.
F5 Access for Android is an Android application that allows users to access enterprise networks and applications.
BIG-IP Guided Configuration is a products that provides a way to deploy configurations of BIP-IP APM and Advanced WAF.
The F5OS-A is the operating system software for the F5 rSeries system.
NGINX Service Mesh is a product that allows for traffic control of distributed systems.
BIG-IP APM provides access control and authentication for applications.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-5400-3: MySQL regression

Read Time:42 Second

USN-5400-1 fixed vulnerabilities in MySQL. The fix breaks existing charm configurations.
This updated fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.29 in Ubuntu 20.04 LTS, Ubuntu 21.10, and
Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.38.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-29.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Read More

USN-5354-2: Twisted vulnerability

Read Time:19 Second

USN-5354-1 fixed vulnerabilities in Twisted. This update provides the
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)

Read More

A Vulnerability in C Standard Libraries uClibe and uClibe-ng Could Allow for DNS Poisoning

Read Time:36 Second

A vulnerability which could allow for DNS poisoning attacks has been discovered in the C standard libraries uClibe and uClibe-ng, which are widely used in IoT products. DNS poisoning enables a subsequent Man-in-the-Middle scenario, which can be used to perform actions like stealing information, forcing authenticated responses, as well as installing malicious firmware.
There is currently no CVE listing, nor further details on affected products, as the research group Nozomi Networks is still working with vendors and library developers in finding a solution.
The MS-ISAC believes that due to various mitigating factors, this vulnerability does not pose an immediate threat to our member base. We would, however, like to share relevant details for your situational awareness.

Read More