Security update OTSEC-2020-003 is available for SilentDefense 4.1.x and eyeInspect 4.2.x deployments on Ubuntu. This security update fixes multiple CVE vulnerabilities.
What’s New
Download this update to fix the following vulnerabilities:
- High Severity:
  - 142731 – Intel Microcode vulnerabilities (USN-4628-1)
    - CVE-2020-8695
    - CVE-2020-8696
    - CVE-2020-8698
  - 134856 – vim vulnerabilities (USN-4309-1)
    - CVE-2017-1110
    - CVE-2017-11109
    - CVE-2017-5953
    - CVE-2017-6349
    - CVE-2017-6350
    - CVE-2018-20786
    - CVE-2019-20079
  - 134039 – rsync vulnerabilities (USN-4292-1)
    - CVE-2016-9840
    - CVE-2016-9841
    - CVE-2016-9842
    - CVE-2016-9843
  - 133291 – tcpdump vulnerabilities (USN-4252-1)
    - CVE-2017-16808
    - CVE-2018-10103
    - CVE-2018-10105
    - CVE-2018-14461
    - CVE-2018-14462
    - CVE-2018-14463
    - CVE-2018-14464
    - CVE-2018-14465
    - CVE-2018-14466
    - CVE-2018-14467
    - CVE-2018-14468
    - CVE-2018-14469
    - CVE-2018-14470
    - CVE-2018-14879
    - CVE-2018-14880
    - CVE-2018-14881
    - CVE-2018-14882
    - CVE-2018-16227
    - CVE-2018-16228
    - CVE-2018-16229
    - CVE-2018-16230
    - CVE-2018-16300
    - CVE-2018-16451
    - CVE-2018-16452
    - CVE-2018-19519
    - CVE-2019-1010220
    - CVE-2019-15166
    - CVE-2019-15167
  - 140450 – Linux kernel vulnerability (USN-4489-1)
    - CVE-2020-14386
  - 137043 – ca-certificates update (USN-4377-1)
  - 136692 – json-c regression (USN-4360-2)
  - 139724 – curl vulnerability (USN-4466-1)
    - CVE-2020-8231
  - GnuTLS update (USN-4233-2)
  - 136604 – file regression (USN-3911-2)
- Medium Severity:
  - 136964 – json-c vulnerability (USN-4360-4)
    - CVE-2020-12762
  - 134663 – ICU vulnerability (USN-4305-1)
    - CVE-2020-10531
  - 141448 – Linux kernel vulnerabilities (USN-4578-1)
    - CVE-2018-10322
    - CVE-2019-19448
    - CVE-2020-14314
    - CVE-2020-16119
    - CVE-2020-16120
    - CVE-2020-25212
    - CVE-2020-26088
  - 51192 – SSL Certificate Cannot Be Trusted
  - 57582 – SSL Self-Signed Certificate
  - 142865 – OpenJDK regressions (USN-4607-2)
    - CVE-2020-14779
    - CVE-2020-14781
    - CVE-2020-14782
    - CVE-2020-14792
    - CVE-2020-14796
    - CVE-2020-14797
    - CVE-2020-14798
    - CVE-2020-14803
  - 133352 – Cyrus SASL vulnerability (USN-4256-1)
    - CVE-2019-19906
  - 133646 – libxml2 vulnerabilities (USN-4274-1)
    - CVE-2019-19956
    - CVE-2020-7595
  - 142967 – Kerberos vulnerability (USN-4635-1)
    - CVE-2020-28196
  - 142368 – python-cryptography vulnerability (USN-4613-1)
    - CVE-2020-25659
  - 137556 – DBus vulnerability (USN-4398-1)
    - CVE-2020-12049
  - 133225 – e2fsprogs vulnerability (USN-4249-1)
    - CVE-2019-5188
  - 133449 – sudo vulnerability (USN-4263-1)
    - CVE-2019-18634
  - 133523 – systemd vulnerabilities (USN-4269-1)
    - CVE-2018-16888
    - CVE-2019-20386
    - CVE-2019-3843
    - CVE-2019-3844
    - CVE-2020-1712
  - 139848 – PostgreSQL vulnerabilities (USN-4472-1)
    - CVE-2020-14349
    - CVE-2020-14350
  - 140266 – libx11 vulnerabilities (USN-4487-1)
    - CVE-2020-14344
    - CVE-2020-14363
  - 137353 – SQLite vulnerabilities (USN-4394-1)
    - CVE-2018-8740
    - CVE-2019-19603
    - CVE-2019-19645
    - CVE-2020-11655
    - CVE-2020-13434
    - CVE-2020-13435
    - CVE-2020-13630
    - CVE-2020-13631
    - CVE-2020-13632
  - 139369 – Apport vulnerabilities (USN-4449-1)
    - CVE-2020-11936
    - CVE-2020-15701
    - CVE-2020-15702
  - 136608 – APT vulnerability (USN-4359-1)
    - CVE-2020-3810
  - 141615 – FreeType vulnerability (USN-4593-1)
    - CVE-2020-15999
  - 136400 – linux-firmware vulnerability (USN-4351-1)
    - CVE-2018-5383
  - 142371 – AccountsService vulnerabilities (USN-4616-1)
    - CVE-2018-14036
    - CVE-2020-16126
    - CVE-2020-16127
  - 142966 – OpenLDAP vulnerabilities (USN-4634-1)
    - CVE-2020-25709
    - CVE-2020-25710
  - 142968 – PostgreSQL vulnerabilities (USN-4633-1)
    - CVE-2020-25694
    - CVE-2020-25695
    - CVE-2020-25696
  - 141177 – urllib3 vulnerability (USN-4570-1)
    - CVE-2020-26137
Supported Versions
OTSEC-2020-003 can be applied to:
- SilentDefense version 4.1.x and eyeInspect 4.2.x, for deployments on Ubuntu.
This update does not cover the monitoring Sensor as an appliance on CentOS.
Availability
eyeInspect Users:
Download the modules and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.
FLEXX and PAL Users can download eyeInspect artifacts from their portals:
- FLEXX – Customer Support Portal
- PAL – Updates Portal