Network Security

TrustKeeper Scan Engine Update for April 03, 2020

April 03, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

Ubuntu Apache HTTP Server update (USN-4307-1)

Cisco

Cisco IOS HTTP Proxy Server Memory Leak Vulnerability (CSCtu52820) (CVE-2011-4661)

Drupal

Drupal CKEditor library file Cross Site Scripting Vulnerability(SA-CORE-2020-001)

phpMyAdmin

phpmyAdmin data display SQL Injection Vulnerability (PMASA-2020-4) (CVE-2020-10803)
phpmyAdmin search action SQL Injection Vulnerability (PMASA-2020-3) (CVE-2020-10802)
phpmyAdmin username SQL Injection Vulnerability (PMASA-2020-2) (CVE-2020-10804)

Red Hat

Red Hat Enterprise Linux chromium-browser security update (RHSA-2020:0738) (CVE-2020-6383, CVE-2020-6384, CVE-2020-6386, CVE-2020-6407, CVE-2020-6418, CVE-2020-10531)
Red Hat Enterprise Linux chromium-browser security update (RHSA-2020:0779) (CVE-2020-6420)
Red Hat Enterprise Linux firefox security update (RHSA-2020:0815) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux firefox security update (RHSA-2020:0816) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux firefox security update (RHSA-2020:0820) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux icu security update (RHSA-2020:0896) (CVE-2020-10531)
Red Hat Enterprise Linux icu security update (RHSA-2020:0897) (CVE-2020-10531)
Red Hat Enterprise Linux icu security update (RHSA-2020:0902) (CVE-2020-10531)
Red Hat Enterprise Linux kernel security and bug fix update (RHSA-2020:0790) (CVE-2019-17055, CVE-2019-17133)
Red Hat Enterprise Linux kernel security, bug fix, and enhancement update (RHSA-2020:0834) (CVE-2019-11487, CVE-2019-17666, CVE-2019-19338)
Red Hat Enterprise Linux libvncserver security update (RHSA-2020:0913) (CVE-2019-15690)
Red Hat Enterprise Linux libvncserver security update (RHSA-2020:0920) (CVE-2019-15690)
Red Hat Enterprise Linux python-flask security update (RHSA-2020:0870) (CVE-2018-1000656)
Red Hat Enterprise Linux python-imaging security update (RHSA-2020:0898) (CVE-2020-5312)
Red Hat Enterprise Linux python-pip security update (RHSA-2020:0850) (CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324)
Red Hat Enterprise Linux python-virtualenv security update (RHSA-2020:0851) (CVE-2018-18074, CVE-2018-20060, CVE-2019-11236)
Red Hat Enterprise Linux qemu-kvm security update (RHSA-2020:0775) (CVE-2019-14378, CVE-2019-15890, CVE-2020-7039)
Red Hat Enterprise Linux runc security update (RHSA-2020:0942) (CVE-2019-19921)
Red Hat Enterprise Linux slirp4netns security update (RHSA-2020:0889) (CVE-2019-14378, CVE-2019-15890, CVE-2020-7039, CVE-2020-8608)
Red Hat Enterprise Linux thunderbird security update (RHSA-2020:0905) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux thunderbird security update (RHSA-2020:0914) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux thunderbird security update (RHSA-2020:0919) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814)
Red Hat Enterprise Linux tomcat security update (RHSA-2020:0855) (CVE-2020-1938)
Red Hat Enterprise Linux tomcat6 security update (RHSA-2020:0912) (CVE-2020-1938)
Red Hat Enterprise Linux zsh security update (RHSA-2020:0853) (CVE-2019-20044)
Red Hat Enterprise Linux zsh security update (RHSA-2020:0892) (CVE-2019-20044)
Red Hat Enterprise Linux zsh security update (RHSA-2020:0903) (CVE-2019-20044)

Ubuntu

Ubuntu Apport regression (USN-4171-5) (CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790)
Ubuntu Ceph vulnerability (USN-4304-1) (CVE-2020-1700)
Ubuntu Dino vulnerabilities (USN-4306-1) (CVE-2019-16235, CVE-2019-16236, CVE-2019-16237)
Ubuntu Firefox vulnerabilities (USN-4299-1) (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6809, CVE-2020-6810, CVE-2020-6811, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815)
Ubuntu ICU vulnerability (USN-4305-1) (CVE-2020-10531)
Ubuntu Linux kernel vulnerabilities (USN-4300-1) (CVE-2019-18809, CVE-2019-19043, CVE-2019-19053, CVE-2019-19056, CVE-2019-19058, CVE-2019-19059, CVE-2019-19064, CVE-2019-19066, CVE-2019-19068, CVE-2019-3016, CVE-2020-2732)
Ubuntu Linux kernel vulnerabilities (USN-4301-1) (CVE-2019-19053, CVE-2019-19056, CVE-2019-19058, CVE-2019-19059, CVE-2019-19066, CVE-2019-19068, CVE-2019-3016, CVE-2020-2732)
Ubuntu Linux kernel vulnerabilities (USN-4302-1) (CVE-2019-15217, CVE-2019-19046, CVE-2019-19051, CVE-2019-19056, CVE-2019-19058, CVE-2019-19066, CVE-2019-19068, CVE-2020-2732, CVE-2020-8832)
Ubuntu Linux kernel vulnerability (USN-4303-1) (CVE-2020-2732)
Ubuntu SQLite vulnerabilities (USN-4298-1) (CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-9327)
Ubuntu Twisted vulnerabilities (USN-4308-1) (CVE-2019-12387, CVE-2019-12855, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2020-10108, CVE-2020-10109)
Ubuntu Vim vulnerabilities (USN-4309-1) (CVE-2017-11109, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350, CVE-2018-20786, CVE-2019-20079)

FreeBSD

FreeBSD epair Code Execution Vulnerability (FreeBSD-SA-20:07.epair) (CVE-2020-7452)
FreeBSD ixl Insufficient Privilege Checking Vulnerability (FreeBSD-SA-20:06.if_ixl_ioctl) (CVE-2019-15877)
FreeBSD Kernel Nested Jails Memory Disclosure Vulnerability (FreeBSD-SA-20:08.jail) (CVE-2020-7453)
FreeBSD Kernel oce Insufficient Privilege Checking Vulnerability (FreeBSD-SA-20:05.if_oce_ioctl) (CVE-2019-15876)
FreeBSD NTP Denial of Service Vulnerability (FreeBSD-SA-20:09.ntp)
FreeBSD TCP IPv6 SYN Information Disclosure Vulnerability (FreeBSD-SA-20:04.tcp) (CVE-2020-7451)

Joomla

Joomla Core com_fields Incorrect Access Control (20200305) (CVE-2020-10239)
Joomla Core com_templates Incorrect Access Control (20200303) (CVE-2020-10238)
Joomla Core Featured Articles Menu Parameters SQL Injection (20200306) (CVE-2020-10243)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Latest Software Updates

CVT Deployment 1.106.0-1

Summary The latest update to the Fusion scan engine that powers our internal and external vulnerability scanning is now available. Enjoy!

CVT Deployment 1.107.0-1

Summary The latest update to the Fusion scan engine that powers our internal and external vulnerability scanning is now available. Enjoy!

Web Application Security – ModSecurity Commercial Rules, Update for March 2024

Overview for rules released by Trustwave SpiderLabs in March for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.

Experiencing a security breach?

Experiencing a security breach?

TrustKeeper Scan Engine Update for April 03, 2020

Summary

New Vulnerability Test Highlights

Apache

Cisco

Drupal

phpMyAdmin

Red Hat

Ubuntu

FreeBSD

Joomla

How to Update?

Latest Software Updates

CVT Deployment 1.106.0-1

CVT Deployment 1.107.0-1

Web Application Security – ModSecurity Commercial Rules, Update for March 2024

Stay Informed

Sign up to receive the latest
security news and trends straight
to your inbox from Trustwave.

Experiencing a security breach?

Experiencing a security breach?

TrustKeeper Scan Engine Update for April 03, 2020

Summary

New Vulnerability Test Highlights

Apache

Cisco

Drupal

phpMyAdmin

Red Hat

Ubuntu

FreeBSD

Joomla

How to Update?

Latest Software Updates

CVT Deployment 1.106.0-1

CVT Deployment 1.107.0-1

Web Application Security – ModSecurity Commercial Rules, Update for March 2024

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.

Sign up to receive the latest
security news and trends straight
to your inbox from Trustwave.