TrustKeeper Scan Engine Update for January 10, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

CentOS Linux (Credentialed Checks)

• CentOS Linux firefox security update (CESA-2021:5013) (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• CentOS Linux firefox Security Update (CESA-2021:5014) (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• CentOS Linux go-toolset:rhel8 security and bug fix update (CESA-2021:5160) (CVE-2021-44716, CVE-2021-44717)
• CentOS Linux idm:DL1 security update (CESA-2021:5142) (CVE-2020-25719)
• CentOS Linux ipa Security Update (CESA-2021:5195) (CVE-2020-25719)
• CentOS Linux java-1.8.0-ibm security update (CESA-2021:5030) (CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35564, CVE-2021-35565, CVE-2021-35578, CVE-2021-35586, CVE-2021-41035)
• CentOS Linux kernel security and bug fix update (CESA-2021:5227) (CVE-2021-20321)
• CentOS Linux log4j Security Update (CESA-2021:5206) (CVE-2021-4104)
• CentOS Linux nodejs:16 security, bug fix, and enhancement update (CESA-2021:5171) (CVE-2020-28469, CVE-2020-7788, CVE-2021-22959, CVE-2021-22960, CVE-2021-33502, CVE-2021-3807, CVE-2021-3918)
• CentOS Linux openssl security update (CESA-2021:5226) (CVE-2021-3712)
• CentOS Linux postgresql:12 security update (CESA-2021:5235) (CVE-2021-23214, CVE-2021-3677)
• CentOS Linux postgresql:13 security update (CESA-2021:5236) (CVE-2021-23214, CVE-2021-3677)
• CentOS Linux samba security update (CESA-2021:5082) (CVE-2016-2124, CVE-2020-25717, CVE-2021-23192)
• CentOS Linux samba Security Update (CESA-2021:5192) (CVE-2016-2124, CVE-2020-25717)
• CentOS Linux thunderbird security update (CESA-2021:5045) (CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• CentOS Linux thunderbird security update (CESA-2021:5046) (CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• CentOS Linux virt:rhel and virt-devel:rhel security update (CESA-2021:5238) (CVE-2021-20257, CVE-2021-3930)

Debian Linux (Credentialed Checks)

• Debian apache-log4j2 LTS Security Update (DLA-2842-1) (CVE-2021-44228)
• Debian apache-log4j2 Security Update (DSA-5020-1) (CVE-2020-9488, CVE-2021-44228)
• Debian apache-log4j2 Security Update (DSA-5022-1) (CVE-2021-45046)
• Debian apache-log4j2 Security Update (DSA-5024-1) (CVE-2021-45105)
• Debian firefox-esr Security Update (DSA-5026-1) (CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Debian gerbv LTS Security Update (DLA-2839-1) (CVE-2021-40391)
• Debian libsamplerate LTS Security Update (DLA-2845-1) (CVE-2017-7697)
• Debian libssh2 LTS Security Update (DLA-2848-1) (CVE-2019-13115, CVE-2019-17498)
• Debian linux LTS Security Update (DLA-2843-1) (CVE-2020-16119, CVE-2020-3702, CVE-2021-0920, CVE-2021-20317, CVE-2021-20321, CVE-2021-20322, CVE-2021-22543, CVE-2021-3612, CVE-2021-3653, CVE-2021-3655, CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-3753, CVE-2021-3760, CVE-2021-3816, CVE-2021-38198, CVE-2021-38199, CVE-2021-3820, CVE-2021-38204, CVE-2021-40490, CVE-2021-41864, CVE-2021-42008, CVE-2021-4273, CVE-2021-43389)
• Debian mediawiki LTS Security Update (DLA-2847-1) (CVE-2021-44858)
• Debian mediawiki Security Update (DSA-5021-1) (CVE-2021-44857, CVE-2021-44858, CVE-2021-45038)
• Debian modsecurity-apache Security Update (DSA-5023-1) (CVE-2021-42717)
• Debian nss LTS Security Update (DLA-2836-2) (CVE-2021-43527)
• Debian privoxy LTS Security Update (DLA-2844-1) (CVE-2021-44540, CVE-2021-44543)
• Debian python-babel Security Update (DSA-5018-1) (CVE-2021-42771)
• Debian raptor2 LTS Security Update (DLA-2846-1) (CVE-2020-25713)
• Debian roundcube LTS Security Update (DLA-2840-1) (CVE-2021-44025, CVE-2021-44026)
• Debian runc LTS Security Update (DLA-2841-1) (CVE-2021-43784)
• Debian sogo Security Update (DSA-5029-1) (CVE-2021-33054)
• Debian tang Security Update (DSA-5025-1) (CVE-2021-4076)
• Debian webkit2gtk Security Update (DSA-5030-1) (CVE-2021-30887, CVE-2021-30890)
• Debian wireshark Security Update (DSA-5019-1) (CVE-2021-22207, CVE-2021-22222, CVE-2021-22235, CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39923, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929)
• Debian wpewebkit Security Update (DSA-5031-1) (CVE-2021-30887, CVE-2021-30890)
• Debian xorg-server Security Update (DSA-5027-1) (CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011)

Fedora Linux (Credentialed Checks)

• Fedora calibre Security Update (FEDORA-2021-e42fadbcc3) (CVE-2021-44686)
• Fedora golang Security Update (FEDORA-2021-2b2dd1b5a7) (CVE-2021-38297, CVE-2021-41771, CVE-2021-41772)
• Fedora golang-github-opencontainers-image-spec Security Update (FEDORA-2021-6789ed60f2) (CVE-2021-41190)
• Fedora grub2 Security Update (FEDORA-2021-73d63662b0) (CVE-2021-3981)
• Fedora isync Security Update (FEDORA-2021-577129851b) (CVE-2021-3657, CVE-2021-44143)
• Fedora keepalived Security Update (FEDORA-2021-255eff1bb5) (CVE-2021-44225)
• Fedora kernel Security Update (FEDORA-2021-e6cbca1e9e) (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715)
• Fedora lapack Security Update (FEDORA-2021-aec9d01057) (CVE-2021-4048)
• Fedora libmysofa Security Update (FEDORA-2021-28b495e9e0) (CVE-2020-6860, CVE-2021-3756)
• Fedora mariadb Security Update (FEDORA-2021-72d5918529) (CVE-2021-2372, CVE-2021-2389, CVE-2021-35604)
• Fedora matrix-synapse Security Update (FEDORA-2021-2f9dcdbace) (CVE-2021-41281)
• Fedora mingw-python-lxml Security Update (FEDORA-2021-9f9e7c5c4f) (CVE-2021-43818)
• Fedora Multiple Packages Security Update (FEDORA-2021-66d6c484f3) (CVE-2021-44228)
• Fedora Multiple Packages Security Update (FEDORA-2021-c824326120) (CVE-2020-35884)
• Fedora pam-u2f Security Update (FEDORA-2021-724f4733e9) (CVE-2021-31924)
• Fedora tang Security Update (FEDORA-2021-aa1d373ed0) (CVE-2021-4076)
• Fedora vim Security Update (FEDORA-2021-b0ac29efb1) (CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069)
• Fedora xen Security Update (FEDORA-2021-2b3a2de94f) (CVE-2021-28704, CVE-2021-28705, CVE-2021-28706, CVE-2021-28707, CVE-2021-28708, CVE-2021-28709)

Palo Alto Networks

• Palo Alto Networks PAN-OS Log4j Vulnerabilities Security Update (CVE-2021-44228) (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

FreeBSD

• FreeBSD Apache httpd Security Update (ca982e2d-61a9-11ec-8be6-d4c9ef517024) (CVE-2021-44224, CVE-2021-44790)
• FreeBSD bastillion Security Update (515df85a-5cd7-11ec-a16d-001517a2e1a4) (CVE-2021-44228)
• FreeBSD chromium Security Update (18ac074c-579f-11ec-aac7-3065ec8fd3ec) (CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068, CVE-2021-4078, CVE-2021-4079)
• FreeBSD chromium Security Update (fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec) (CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102)
• FreeBSD Gitlab Security Update (b299417a-5725-11ec-a587-001b217b3468) (CVE-2021-39910, CVE-2021-39915, CVE-2021-39916, CVE-2021-39917, CVE-2021-39918, CVE-2021-39919, CVE-2021-39930, CVE-2021-39931, CVE-2021-39932, CVE-2021-39933, CVE-2021-39934, CVE-2021-39935, CVE-2021-39936, CVE-2021-39937, CVE-2021-39938, CVE-2021-39940, CVE-2021-39941, CVE-2021-39944, CVE-2021-39945)
• FreeBSD go Security Update (720505fe-593f-11ec-9ba8-002324b2fba8) (CVE-2021-44716, CVE-2021-44717)
• FreeBSD Grafana Security Update (4b478274-47a0-11ec-bd24-6c3be5272acd) (CVE-2021-41174)
• FreeBSD Grafana Security Update (99bff2bd-4852-11ec-a828-6c3be5272acd) (CVE-2021-41244)
• FreeBSD Grafana Security Update (a994ff7d-5b3f-11ec-8398-6c3be5272acd) (CVE-2021-43813)
• FreeBSD Grafana Security Update (c2a7de31-5b42-11ec-8398-6c3be5272acd) (CVE-2021-43815)
• FreeBSD Grafana Security Update (e33880ed-5802-11ec-8398-6c3be5272acd) (CVE-2021-43798)
• FreeBSD graylog Security Update (3fadd7e4-f8fb-45a0-a218-8fd6423c338f) (CVE-2021-44228)
• FreeBSD graylog Security Update (650734b2-7665-4170-9a0a-eeced5e10a5e) (CVE-2021-45046)
• FreeBSD mediawiki Security Update (0a50bb48-625f-11ec-a1fb-080027cb2f6f) (CVE-2021-44854, CVE-2021-44855, CVE-2021-44856, CVE-2021-44857, CVE-2021-44858, CVE-2021-45038)
• FreeBSD opengrok Security Update (1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6) (CVE-2021-2322)
• FreeBSD openhab Security Update (93a1c9a7-5bef-11ec-a47a-001517a2e1a4) (CVE-2021-44228)
• FreeBSD OpenSearch Security Update (4b1ac5a3-5bd4-11ec-8602-589cfc007716) (CVE-2021-44228)
• FreeBSD OpenSSL Security Update (0132ca5b-5d11-11ec-8be6-d4c9ef517024) (CVE-2021-4044)
• FreeBSD p7zip Security Update (942fff11-5ac4-11ec-89ea-c85b76ce9b5a) (CVE-2018-10115)
• FreeBSD Privoxy Security Update (897e1962-5d5a-11ec-a3ed-040e3c3cf7e7) (CVE-2021-44540, CVE-2021-44541, CVE-2021-44542, CVE-2021-44543)
• FreeBSD serviio Security Update (1ea05bb8-5d74-11ec-bb1e-001517a2e1a4) (CVE-2021-44228)

Microsoft

• Microsoft Windows December 2021 Security Updates Missing (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43215, CVE-2021-43216, CVE-2021-43217, CVE-2021-43219, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43228, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43238, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893)

PostgreSQL

• PostgreSQL Multiple Vulnerabilities (Security Update 2021-11-11) (CVE-2021-23214, CVE-2021-23222)

Red Hat (Credentialed Checks)

• Red Hat Enterprise Linux firefox security update (RHSA-2021:5013) (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Red Hat Enterprise Linux firefox security update (RHSA-2021:5014) (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Red Hat Enterprise Linux go-toolset:rhel8 security and bug fix update (RHSA-2021:5160) (CVE-2021-44716, CVE-2021-44717)
• Red Hat Enterprise Linux idm:DL1 security update (RHSA-2021:5142) (CVE-2020-25719)
• Red Hat Enterprise Linux ipa security and bug fix update (RHSA-2021:5195) (CVE-2020-25719)
• Red Hat Enterprise Linux java-1.8.0-ibm security update (RHSA-2021:5030) (CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35564, CVE-2021-35565, CVE-2021-35578, CVE-2021-35586, CVE-2021-41035)
• Red Hat Enterprise Linux kernel security and bug fix update (RHSA-2021:5227) (CVE-2021-20321)
• Red Hat Enterprise Linux log4j security update (RHSA-2021:5206) (CVE-2021-4104)
• Red Hat Enterprise Linux nodejs:16 security, bug fix, and enhancement update (RHSA-2021:5171) (CVE-2020-28469, CVE-2020-7788, CVE-2021-22959, CVE-2021-22960, CVE-2021-33502, CVE-2021-3807, CVE-2021-3918)
• Red Hat Enterprise Linux openssl security update (RHSA-2021:5226) (CVE-2021-3712)
• Red Hat Enterprise Linux postgresql:12 security update (RHSA-2021:5235) (CVE-2021-23214, CVE-2021-3677)
• Red Hat Enterprise Linux postgresql:13 security update (RHSA-2021:5236) (CVE-2021-23214, CVE-2021-3677)
• Red Hat Enterprise Linux samba security and bug fix update (RHSA-2021:5192) (CVE-2016-2124, CVE-2020-25717)
• Red Hat Enterprise Linux samba security update (RHSA-2021:5082) (CVE-2016-2124, CVE-2020-25717, CVE-2021-23192)
• Red Hat Enterprise Linux thunderbird security update (RHSA-2021:5045) (CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Red Hat Enterprise Linux thunderbird security update (RHSA-2021:5046) (CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Red Hat Enterprise Linux virt:rhel and virt-devel:rhel security update (RHSA-2021:5238) (CVE-2021-20257, CVE-2021-3930)

Samba

• Samba AD DC Multiple Vulnerabilities (Security Releases 2021-11-10-1) (CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738)
• Samba AD DC Multiple Vulnerabilities (Security Releases 2021-11-10-2) (CVE-2016-2124, CVE-2020-25717)
• Samba DCE/RPCA Injection Vulnerability (CVE-2021-23192)

Ubuntu (Credentialed Checks)

• Ubuntu Apache Log4j 2 vulnerability (USN-5197-1) (CVE-2021-44228, CVE-2021-45046)
• Ubuntu Apache Log4j 2 vulnerability (USN-5203-1) (CVE-2021-45105)
• Ubuntu Firefox regressions (USN-5186-2) (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43540, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)
• Ubuntu HTMLDOC vulnerability (USN-5198-1) (CVE-2021-23180)
• Ubuntu Mumble vulnerability (USN-5195-1) (CVE-2021-27229)
• Ubuntu OpenJDK vulnerabilities (USN-5202-1) (CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603)
• Ubuntu Python vulnerabilities (USN-5199-1) (CVE-2021-3733, CVE-2021-3737)
• Ubuntu Python vulnerabilities (USN-5200-1) (CVE-2020-8492, CVE-2021-3733, CVE-2021-3737)
• Ubuntu Python vulnerabilities (USN-5201-1) (CVE-2021-3737)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.