TrustKeeper Scan Engine Update for August 26, 2021 | Trustwave

Written by | Aug 26, 2021 4:38:00 PM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

Atlassian Jira DefaultOSWorkflowConfigurator Remote Code Execution Vulnerability (CVE-2017-18113)
Atlassian Jira Export HTML Report Cross-Site Scripting Vulnerability (CVE-2021-26083)
Atlassian Jira REST API Folder Endpoint Username Enumeration Vulnerability (CVE-2021-26081)
Atlassian Jira XML Export Cross-Site Scripting Vulnerability (CVE-2021-26082)

Magento

Adobe Magento Security Bulletin (APSB21-64) (CVE-2021-36012, CVE-2021-36020, CVE-2021-36021, CVE-2021-36022, CVE-2021-36023, CVE-2021-36024, CVE-2021-36025, CVE-2021-36026, CVE-2021-36027, CVE-2021-36028, CVE-2021-36029, CVE-2021-36030, CVE-2021-36031, CVE-2021-36032, CVE-2021-36033, CVE-2021-36034, CVE-2021-36035, CVE-2021-36036, CVE-2021-36037, CVE-2021-36038, CVE-2021-36039, CVE-2021-36040, CVE-2021-36041, CVE-2021-36042, CVE-2021-36043, CVE-2021-36044)

CentOS

CentOS Linux java-1.8.0-openjdk security update (CESA-2021:2776) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
CentOS Linux lasso security update (CESA-2021:2989) (CVE-2021-28091)
CentOS Linux microcode_ctl security, bug fix and enhancement update (CESA-2021:3027) (CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698)
CentOS Linux microcode_ctl security, bug fix and enhancement update (CESA-2021:3028) (CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698)
CentOS Linux RHV Engine and Host Common Packages security update [ovirt-4.4.7] (CESA-2021:2866) (CVE-2021-3447)
CentOS Linux ruby:2.7 security update (CESA-2021:3020) (CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066)
CentOS Linux varnish:6 security update (CESA-2021:2988) (CVE-2021-36740)

Debian

Debian ansible Security Update (DSA-4950-1) (CVE-2019-10156, CVE-2019-10206, CVE-2019-14846, CVE-2019-14864, CVE-2019-14904, CVE-2020-10684, CVE-2020-10685, CVE-2020-10729, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740, CVE-2020-1746, CVE-2020-1753, CVE-2021-20228)
Debian aspell LTS Security Update (DLA-2720-1) (CVE-2019-17544, CVE-2019-25051)
Debian aspell Security Update (DSA-4948-1) (CVE-2019-17544, CVE-2019-25051)
Debian asterisk LTS Security Update (DLA-2729-1) (CVE-2021-32558)
Debian bluez Security Update (DSA-4951-1) (CVE-2020-26558, CVE-2020-27153, CVE-2021-0129)
Debian condor LTS Security Update (DLA-2724-1) (CVE-2019-18823)
Debian drupal7 LTS Security Update (DLA-2721-1) (CVE-2021-32610)
Debian intel-microcode LTS Security Update (DLA-2718-1) (CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513)
Debian jetty9 Security Update (DSA-4949-1) (CVE-2019-10241, CVE-2019-10247, CVE-2020-27216, CVE-2020-27223, CVE-2021-28165, CVE-2021-28169, CVE-2021-34428)
Debian libpam-tacplus LTS Security Update (DLA-2730-1) (CVE-2020-13881)
Debian libsndfile LTS Security Update (DLA-2722-1) (CVE-2021-3246)
Debian libsndfile Security Update (DSA-4947-1) (CVE-2021-3246)
Debian linuxptp LTS Security Update (DLA-2723-1) (CVE-2021-3570)
Debian lrzip LTS Security Update (DLA-2725-1) (CVE-2017-8844, CVE-2017-8846, CVE-2017-9928, CVE-2017-9929, CVE-2018-10685, CVE-2018-11496, CVE-2018-5650, CVE-2018-5747, CVE-2018-5786)
Debian openexr LTS Security Update (DLA-2732-1) (CVE-2021-20299, CVE-2021-20300, CVE-2021-20302, CVE-2021-20303, CVE-2021-3605)
Debian openjdk-11 Security Update (DSA-4946-1) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
Debian pyxdg LTS Security Update (DLA-2727-1) (CVE-2019-12761)
Debian shiro LTS Security Update (DLA-2726-1) (CVE-2020-13933, CVE-2020-17510)
Debian tomcat8 LTS Security Update (DLA-2733-1) (CVE-2021-30640, CVE-2021-33037)
Debian vlc LTS Security Update (DLA-2728-1) (CVE-2021-25801, CVE-2021-25802, CVE-2021-25803, CVE-2021-25804)
Debian webkit2gtk Security Update (DSA-4945-1) (CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)

Dell iDRAC

Dell iDRAC Improper Authentication Vulnerability (DSA-2021-082) (CVE-2021-21538)

Fedora

Fedora aspell Security Update (FEDORA-2021-69de7c7ca4) (CVE-2019-25051)
Fedora avahi Security Update (FEDORA-2021-74ebf2f06f) (CVE-2021-36217)
Fedora bluez Security Update (FEDORA-2021-ae7251c31b) (CVE-2021-3658)
Fedora buildah Security Update (FEDORA-2021-112557d2c5) (CVE-2021-3602)
Fedora buildah Security Update (FEDORA-2021-440e34200c) (CVE-2021-3602)
Fedora buildah Security Update (FEDORA-2021-47d259d3cf) (CVE-2021-34558)
Fedora chromium Security Update (FEDORA-2021-30c84b4924) (CVE-2021-30541, CVE-2021-30559, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564)
Fedora curl Security Update (FEDORA-2021-5d21b90a30) (CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925)
Fedora fossil Security Update (FEDORA-2021-8523af7a88) (CVE-2021-36377)
Fedora golang Security Update (FEDORA-2021-1bfb61f77c) (CVE-2021-34558)
Fedora golang Security Update (FEDORA-2021-25c0011e78) (CVE-2021-34558)
Fedora java-1.8.0-openjdk Security Update (FEDORA-2021-ade03666c0) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
Fedora java-1.8.0-openjdk Security Update (FEDORA-2021-d20d6712bc) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
Fedora java-11-openjdk Security Update (FEDORA-2021-4581ccb97d) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
Fedora java-11-openjdk Security Update (FEDORA-2021-e6b0792d75) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388)
Fedora kernel Security Update (FEDORA-2021-12618d9b08) (CVE-2021-37576)
Fedora kernel Security Update (FEDORA-2021-817b3d47d2) (CVE-2021-37576)
Fedora matrix-synapse Security Update (FEDORA-2021-a627cfd31e) (CVE-2021-21273, CVE-2021-21274, CVE-2021-21332, CVE-2021-21333, CVE-2021-21392, CVE-2021-21393, CVE-2021-21394, CVE-2021-29471)
Fedora mbedtls Security Update (FEDORA-2021-10bfc067d1) (CVE-2021-24119)
Fedora mbedtls Security Update (FEDORA-2021-165969af24) (CVE-2021-24119)
Fedora mingw-exiv2 Security Update (FEDORA-2021-0b27f220bd) (CVE-2021-29463, CVE-2021-29464)
Fedora mingw-exiv2 Security Update (FEDORA-2021-dde4d7d47e) (CVE-2021-29463, CVE-2021-29464)
Fedora mod_auth_openidc Security Update (FEDORA-2021-17f5cedf66) (CVE-2021-32786, CVE-2021-32791, CVE-2021-32792)
Fedora mod_auth_openidc Security Update (FEDORA-2021-e3017c538a) (CVE-2021-32786, CVE-2021-32791, CVE-2021-32792)
Fedora mrxvt Security Update (FEDORA-2021-0d3268fc35) (CVE-2021-33477)
Fedora mrxvt Security Update (FEDORA-2021-71556a5722) (CVE-2021-33477)
Fedora Multiple Packages Security Update (FEDORA-2021-3ec845dc0c) (CVE-2021-34552)
Fedora Multiple Packages Security Update (FEDORA-2021-bf01a738f3) (CVE-2021-34552)
Fedora php-pear Security Update (FEDORA-2021-6cf271948a) (CVE-2021-32610)
Fedora php-pear Security Update (FEDORA-2021-c9c1f6e5c7) (CVE-2021-32610)
Fedora podman Security Update (FEDORA-2021-3a55403080) (CVE-2021-34558)
Fedora redis Security Update (FEDORA-2021-10d54c261f) (CVE-2021-32761)
Fedora redis Security Update (FEDORA-2021-76cf1653b3) (CVE-2021-32761)
Fedora ruby Security Update (FEDORA-2021-36cdab1f8d) (CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066)
Fedora webkit2gtk3 Security Update (FEDORA-2021-3de956ceee) (CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)
Fedora webkit2gtk3 Security Update (FEDORA-2021-cf7d8c7b1a) (CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)

Microsoft

Microsoft Exchange Server Server-Side Request Forgery (ProxyShell) (CVE-2021-34473)
Microsoft Windows August 2021 Security Updates Missing (CVE-2021-26424, CVE-2021-26425, CVE-2021-26426, CVE-2021-26432, CVE-2021-26433, CVE-2021-34480, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-34536, CVE-2021-34537, CVE-2021-36926, CVE-2021-36927, CVE-2021-36932, CVE-2021-36933, CVE-2021-36936, CVE-2021-36937, CVE-2021-36938, CVE-2021-36942, CVE-2021-36947, CVE-2021-36948)

MongoDB

MongoDB logMessage Improper Encoding Vulnerability (SERVER-50605) (CVE-2021-20333)

PostgreSQL

PostgreSQL max_worker_processes Memory Disclosure Vulnerability (Security Update 2021-08-12) (CVE-2021-3677)

Red Hat (Credentialed Checks)

Red Hat Enterprise Linux lasso security update (RHSA-2021:2989) (CVE-2021-28091)
Red Hat Enterprise Linux microcode_ctl security, bug fix and enhancement update (RHSA-2021:3027) (CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698)
Red Hat Enterprise Linux microcode_ctl security, bug fix and enhancement update (RHSA-2021:3028) (CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698)
Red Hat Enterprise Linux ruby:2.7 security update (RHSA-2021:3020) (CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066)
Red Hat Enterprise Linux varnish:6 security update (RHSA-2021:2988) (CVE-2021-36740)

Ubuntu (Credentialed Checks)

Ubuntu Aspell vulnerability (USN-5023-1) (CVE-2019-25051)
Ubuntu Exiv2 vulnerability (USN-5028-1) (CVE-2021-31291)
Ubuntu GnuTLS vulnerabilities (USN-5029-1) (CVE-2021-20231, CVE-2021-20232)
Ubuntu libsndfile vulnerability (USN-5025-1) (CVE-2021-3246)
Ubuntu MySQL vulnerabilities (USN-5022-1) (CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2417, CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441)
Ubuntu PEAR vulnerability (USN-5027-1) (CVE-2021-32610)
Ubuntu Perl DBI module vulnerabilities (USN-5030-1) (CVE-2014-10402, CVE-2020-14393)
Ubuntu QPDF vulnerabilities (USN-5026-1) (CVE-2018-18020, CVE-2021-36978)
Ubuntu WebKitGTK vulnerabilities (USN-5024-1) (CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

View full post