Web Application Security – ModSecurity Commercial Rules, Update for December 2022 | Trustwave

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

• Atlassian Jira Seraph Authentication Bypass Vulnerability (CVE-2022-0540)
• Atlassian Confluence Hardcoded Credentials Vulnerability (CVE-2022-26138)

Debian (Credentialed Checks)

• Debian chromium Security Update (DSA-5180-1) (CVE-2022-2294, CVE-2022-2295, CVE-2022-2296)
• Debian chromium Security Update (DSA-5187-1) (CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481)
• Debian djangorestframework Security Update (DSA-5186-1) (CVE-2020-25626)
• Debian gsasl Security Update (DSA-5189-1) (CVE-2022-2469)
• Debian mat2 Security Update (DSA-5185-1) (CVE-2022-35410)
• Debian openjdk-11 Security Update (DSA-5188-1) (CVE-2022-21540, CVE-2022-21541, CVE-2022-34169)
• Debian request-tracker4 Security Update (DSA-5181-1) (CVE-2022-25802)
• Debian webkit2gtk Security Update (DSA-5182-1) (CVE-2022-22677, CVE-2022-26710)
• Debian wpewebkit Security Update (DSA-5183-1) (CVE-2022-22677, CVE-2022-26710)
• Debian xen Security Update (DSA-5184-1) (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-23816, CVE-2022-23825, CVE-2022-26362, CVE-2022-26363, CVE-2022-26364, CVE-2022-29900)

Oracle

• Critical Patch Update - July 2022 (CVE-2018-25032, CVE-2022-1292, CVE-2022-21455, CVE-2022-21509, CVE-2022-21515, CVE-2022-21517, CVE-2022-21522, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21534, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539, CVE-2022-21547, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569, CVE-2022-27778)

IBM

• IBM WebSphere Application Server Security Update (IBM X-Force ID: 121173) (CVE-2017-1121)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 121549) (CVE-2017-1137)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 122292) (CVE-2017-1151)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 123669) (CVE-2017-1194)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 127151) (CVE-2017-1380)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 127152) (CVE-2017-1381)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 127153) (CVE-2017-1382)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 129576) (CVE-2017-1501)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 129578) (CVE-2017-1503)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 129579) (CVE-2017-1504)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 132342) (CVE-2011-4343, CVE-2017-1583)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 134003) (CVE-2017-1681)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 134912) (CVE-2017-1731)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 134931) (CVE-2017-1741)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 134933) (CVE-2017-1743)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 137031) (CVE-2017-1788)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 143024) (CVE-2018-1567)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 144270) (CVE-2018-1614)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 144346) (CVE-2018-1621)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 144588) (CVE-2018-1643)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 145769) (CVE-2018-1695)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 147292) (CVE-2018-1719)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 148621) (CVE-2018-1767)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 148686) (CVE-2018-1770)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 148800) (CVE-2018-1777)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 148948) (CVE-2018-1793)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 148949) (CVE-2018-1794)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 149427) (CVE-2018-1797)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 149428) (CVE-2018-1798)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 150813) (CVE-2018-1840)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 152530) (CVE-2018-1901)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 152531) (CVE-2018-1902)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 152533) (CVE-2018-1904)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 152534) (CVE-2018-1905)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 152992) (CVE-2018-1926)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 153629) (CVE-2018-1957)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 154650) (CVE-2018-1996)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 155946) (CVE-2019-4030)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 156242) (CVE-2019-4046)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 157380) (CVE-2019-4080)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 160201) (CVE-2019-4268)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 160202) (CVE-2019-4269)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 160203) (CVE-2019-4270)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 160243) (CVE-2019-4271)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 160445) (CVE-2019-4279)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 163177) (CVE-2019-4441)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 163226) (CVE-2019-4442)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 163997) (CVE-2019-4477)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 164364) (CVE-2019-4505)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 171319) (CVE-2019-4670)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 172125) (CVE-2019-4720)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 174397) (CVE-2020-4163)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 175984) (CVE-2020-4276)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 177841) (CVE-2020-4329)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 178929) (CVE-2020-4362)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 178964) (CVE-2020-4365)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 181228) (CVE-2020-4448)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 181230) (CVE-2020-4449)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 181231) (CVE-2020-4450)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 181489) (CVE-2020-4464)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 182808) (CVE-2020-4534)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 184428) (CVE-2020-4576)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 184433) (CVE-2020-4578)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 184585) (CVE-2020-4589)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 185370) (CVE-2020-4629)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 185590) (CVE-2020-4643)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 189213) (CVE-2018-1770, CVE-2020-4782)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 192025) (CVE-2020-4949)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 193556) (CVE-2020-5016)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 194882) (CVE-2021-20353)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 194883) (CVE-2021-20354)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 196648) (CVE-2021-20453)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 196649) (CVE-2021-20454)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 197502) (CVE-2021-20480)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 197793) (CVE-2021-20492)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 201300) (CVE-2021-29736)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 202006) (CVE-2021-29754)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 205202) (CVE-2021-29842)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 211405) (CVE-2021-38951)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 213968) (CVE-2021-39038)
• IBM WebSphere Application Server Security Update (IBM X-Force ID: 220904) (CVE-2022-22365)

Fedora (Credentialed Checks)

• Fedora curl Security Update (FEDORA-2022-1b3d7f6973) (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)
• Fedora git Security Update (FEDORA-2022-dfd7e7fc0e) (CVE-2022-29187)
• Fedora gnupg2 Security Update (FEDORA-2022-1124e5882d) (CVE-2022-34903)
• Fedora harfbuzz Security Update (FEDORA-2022-a32f9488a0) (CVE-2022-33068)
• Fedora kernel Security Update (FEDORA-2022-8aab5b5cde) (CVE-2022-23816, CVE-2022-23825, CVE-2022-29900, CVE-2022-29901)
• Fedora kernel Security Update (FEDORA-2022-c69ef9c1dd) (CVE-2022-23816, CVE-2022-23825, CVE-2022-29900, CVE-2022-29901)
• Fedora libtiff Security Update (FEDORA-2022-b9c2a3a2b7) (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
• Fedora libtiff Security Update (FEDORA-2022-edf7301147) (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
• Fedora Multiple Packages Security Update (FEDORA-2022-3969b64d4b) (CVE-2022-1996, CVE-2022-21698, CVE-2022-24675, CVE-2022-28327, CVE-2022-29526)
• Fedora Multiple Packages Security Update (FEDORA-2022-ba365d3703) (CVE-2022-1996, CVE-2022-24675, CVE-2022-27191, CVE-2022-28327, CVE-2022-29526, CVE-2022-30629)
• Fedora openssl Security Update (FEDORA-2022-41890e9e44) (CVE-2022-2068)
• Fedora openssl1.1 Security Update (FEDORA-2022-89a17be281) (CVE-2022-2097)
• Fedora php Security Update (FEDORA-2022-ec0491574d) (CVE-2022-31627)
• Fedora php-laminas-diactoros2 Security Update (FEDORA-2022-794cd592d2) (CVE-2022-31109)
• Fedora python-notebook Security Update (FEDORA-2022-35b698150c) (CVE-2022-24785, CVE-2022-31129)
• Fedora python-notebook Security Update (FEDORA-2022-85aa8e5706) (CVE-2022-24785, CVE-2022-31129)
• Fedora python-ujson Security Update (FEDORA-2022-1b2b8d5177) (CVE-2022-31116, CVE-2022-31117)
• Fedora subversion Security Update (FEDORA-2022-13cc09ecf2) (CVE-2021-28544, CVE-2022-24070)
• Fedora subversion Security Update (FEDORA-2022-2af658b090) (CVE-2021-28544, CVE-2022-24070)
• Fedora vim Security Update (FEDORA-2022-9d7a58e376) (CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345)
• Fedora vim Security Update (FEDORA-2022-b06fbea2c7) (CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304)
• Fedora webkit2gtk3 Security Update (FEDORA-2022-6b749525f3) (CVE-2022-22662, CVE-2022-26710)
• Fedora xen Security Update (FEDORA-2022-2c9f8224f8) (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
• Fedora xen Security Update (FEDORA-2022-3e6ce58029) (CVE-2022-23816, CVE-2022-23825, CVE-2022-29900)
• Fedora xen Security Update (FEDORA-2022-c4ec706488) (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
• Fedora xorg-x11-server Security Update (FEDORA-2022-6807c29d58) (CVE-2022-2319, CVE-2022-2320)
• Fedora xorg-x11-server-Xwayland Security Update (FEDORA-2022-856bb475b7) (CVE-2022-2319, CVE-2022-2320)

FreeBSD

• FreeBSD chromium Security Update (27cc4258-0805-11ed-8ac1-3065ec8fd3ec) (CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481)
• FreeBSD git Security Update (b99f99f6-021e-11ed-8c6f-000c29ffbb6c) (CVE-2022-29187)
• FreeBSD go Security Update (a4f2416c-02a0-11ed-b817-10c37b4ac2ea) (CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148)
• FreeBSD Grafana Security Update (0859e6d5-0415-11ed-a53b-6c3be5272acd) (CVE-2022-31107)
• FreeBSD Grafana Security Update (0c367e98-0415-11ed-a53b-6c3be5272acd) (CVE-2022-31097)
• FreeBSD MySQL Security Update (8e150606-08c9-11ed-856e-d4c9ef517024) (CVE-2018-25032, CVE-2022-1292, CVE-2022-21455, CVE-2022-21509, CVE-2022-21515, CVE-2022-21517, CVE-2022-21519, CVE-2022-21522, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21534, CVE-2022-21535, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539, CVE-2022-21547, CVE-2022-21550, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569, CVE-2022-21824, CVE-2022-27778)
• FreeBSD redis Security Update (871d93f9-06aa-11ed-8d5f-080027f5fec9) (CVE-2022-31144)
• FreeBSD VirtualBox Security Update (e1387e95-08d0-11ed-be26-001999f8d30b) (CVE-2022-21554, CVE-2022-21571)

OpenSSL

• OpenSSL AES OCB Weak Encryption Vulnerability (CVE-2022-2097)
• OpenSSL c_rehash Command Injection Vulnerability (20220621) (CVE-2022-2068)
• OpenSSL RSA Private Key Heap Memory Corruption Vulnerability (CVE-2022-2274)

Oracle

• Oracle Critical Patch Update/Patch Set Update - July 2022 (CVE-2020-26185, CVE-2020-29505, CVE-2020-29506, CVE-2020-29507, CVE-2020-29508, CVE-2020-35163, CVE-2020-35164, CVE-2020-35166, CVE-2020-35167, CVE-2020-35168, CVE-2020-35169, CVE-2022-21432, CVE-2022-21510, CVE-2022-21511)
• Oracle Enterprise Manager July 2022 CPU Advisory (CVE-2022-21516, CVE-2022-21536, CVE-2022-29577)
• Oracle Solaris OS July 2022 CPU (CVE-2022-21439, CVE-2022-21514, CVE-2022-21524, CVE-2022-21533)
• Oracle WebLogic Server July 2022 CPU (CVE-2020-11987, CVE-2020-26184, CVE-2020-26185, CVE-2020-28491, CVE-2020-29507, CVE-2020-35169, CVE-2020-36518, CVE-2021-23450, CVE-2021-2351, CVE-2021-26291, CVE-2021-40690, CVE-2022-21548, CVE-2022-21557, CVE-2022-21560, CVE-2022-21564, CVE-2022-22965, CVE-2022-23457, CVE-2022-24839, CVE-2022-24891, CVE-2022-29577)

SUSE Linux (Credentialed Checks)

• SUSE dovecot23 Security Update (SUSE-SU-2022:2431-1) (CVE-2022-30550)
• SUSE dovecot23 Security Update (SUSE-SU-2022:2432-1) (CVE-2022-30550)
• SUSE dovecot23 Security Update (SUSE-SU-2022:2448-1) (CVE-2022-30550)
• SUSE git Security Update (SUSE-SU-2022:2535-1) (CVE-2022-29187)
• SUSE git Security Update (SUSE-SU-2022:2537-1) (CVE-2022-29187)
• SUSE gpg2 Security Update (SUSE-SU-2022:2529-1) (CVE-2022-34903)
• SUSE java-1_7_1-ibm Security Update (SUSE-SU-2022:2539-1) (CVE-2021-35561, CVE-2022-21299, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496)
• SUSE java-1_8_0-ibm Security Update (SUSE-SU-2022:2540-1) (CVE-2021-35561, CVE-2022-21299, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496)
• SUSE java-1_8_0-openjdk Security Update (SUSE-SU-2022:2530-1) (CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496)
• SUSE java-1_8_0-openjdk Security Update (SUSE-SU-2022:2531-1) (CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2377-1) (CVE-2020-26541, CVE-2021-4157, CVE-2022-1012, CVE-2022-1679, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2382-1) (CVE-2020-26541, CVE-2021-4157, CVE-2022-1012, CVE-2022-1679, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2393-1) (CVE-2019-19377, CVE-2020-26541, CVE-2021-26341, CVE-2021-4157, CVE-2022-1184, CVE-2022-1679, CVE-2022-1729, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-21499, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2407-1) (CVE-2020-26541, CVE-2021-26341, CVE-2021-4157, CVE-2022-1679, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2411-1) (CVE-2021-26341, CVE-2021-4157, CVE-2022-1679, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981)
• SUSE Linux Kernel Security Update (SUSE-SU-2022:2423-1) (CVE-2021-26341, CVE-2021-4157, CVE-2022-1679, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-29900, CVE-2022-29901, CVE-2022-33981)
• SUSE mozilla-nss Security Update (SUSE-SU-2022:2533-1) (CVE-2022-31741)
• SUSE Multiple Packages Security Update (SUSE-SU-2022:2536-1) (CVE-2021-43527)
• SUSE nodejs12 Security Update (SUSE-SU-2022:2430-1) (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
• SUSE nodejs14 Security Update (SUSE-SU-2022:2425-1) (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
• SUSE pcre Security Update (SUSE-SU-2022:2361-1) (CVE-2022-1586)
• SUSE python-M2Crypto Security Update (SUSE-SU-2022:2527-1) (CVE-2020-25657)
• SUSE python-PyJWT Security Update (SUSE-SU-2022:2402-1) (CVE-2022-29217)
• SUSE python-PyJWT Security Update (SUSE-SU-2022:2403-1) (CVE-2022-29217)
• SUSE python2-numpy Security Update (SUSE-SU-2022:2441-1) (CVE-2021-33430, CVE-2021-41495, CVE-2021-41496)
• SUSE python3 Security Update (SUSE-SU-2022:2351-1) (CVE-2015-20107, CVE-2021-3572)
• SUSE squid Security Update (SUSE-SU-2022:2367-1) (CVE-2021-33620, CVE-2021-46784)
• SUSE squid Security Update (SUSE-SU-2022:2392-1) (CVE-2020-25097, CVE-2021-28651, CVE-2021-46784)
• SUSE webkit2gtk3 Security Update (SUSE-SU-2022:2522-1) (CVE-2022-22662, CVE-2022-22677, CVE-2022-26710)
• SUSE webkit2gtk3 Security Update (SUSE-SU-2022:2524-1) (CVE-2022-22662, CVE-2022-22677, CVE-2022-26710)
• SUSE webkit2gtk3 Security Update (SUSE-SU-2022:2525-1) (CVE-2022-22662, CVE-2022-22677, CVE-2022-26710)
• SUSE xorg-x11-server Security Update (SUSE-SU-2022:2369-1) (CVE-2022-2319, CVE-2022-2320)
• SUSE xorg-x11-server Security Update (SUSE-SU-2022:2371-1) (CVE-2022-2319, CVE-2022-2320)
• SUSE xorg-x11-server Security Update (SUSE-SU-2022:2373-1) (CVE-2022-2319, CVE-2022-2320)
• SUSE xorg-x11-server Security Update (SUSE-SU-2022:2374-1) (CVE-2022-2319, CVE-2022-2320)
• SUSE xorg-x11-server Security Update (SUSE-SU-2022:2375-1) (CVE-2022-2319, CVE-2022-2320)

Ubuntu (Credentialed Checks)

• Ubuntu Apache XML Security for Java vulnerability (USN-5525-1) (CVE-2021-40690)
• Ubuntu Checkmk vulnerabilities (USN-5527-1) (CVE-2017-14955, CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565)
• Ubuntu FreeType vulnerabilities (USN-5528-1) (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2022-31782)
• Ubuntu HarfBuzz vulnerability (USN-5524-1) (CVE-2022-33068)
• Ubuntu Linux kernel (OEM) vulnerabilities (USN-5529-1) (CVE-2022-1652, CVE-2022-1679, CVE-2022-1789, CVE-2022-1852, CVE-2022-1973, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-34494, CVE-2022-34495)
• Ubuntu PHP vulnerability (USN-5530-1) (CVE-2022-31627)
• Ubuntu PyJWT vulnerability (USN-5526-1) (CVE-2022-29217)
• Ubuntu WebKitGTK vulnerabilities (USN-5522-1) (CVE-2022-22677, CVE-2022-26710)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.