JCloud security update, August 2021
Multiple critical security vulnerabilities in software from different vendors
have been published since the last update. Some of them are or could be closely
related to JCloud services. Security information about these products
is therefore published in this article.
JCloud does NOT use the following products, neither in its infrastructure
nor by its employees, and is therefore NOT vulnerable to any published
security vulnerabilities in:
- Kaseya products
- Sonicwall products
- Exim
- Microsoft products
- Pulse Connect Secure
- F5 Big-IP
JCloud employees may occasionally use the following products, but no security incidents have been reported:
JCloud has detected and patched the following low-priority vulnerability. No security incidents have been reported.
- CVE-2021-33909 - disallow extremely large seq buffer allocations
  - Package fix: kernel version 5.10.55
  - Commit: 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
  - Affects: local user privilege escalation
  - Probability of exploit: Low. Functionality used to exploit the vulnerability is disabled by default (namespaces, setuid mount, BPF, userfaultfd, FUSE)
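As an added example (not JCloud's own tooling), the shell check below compares a host's kernel release against the 5.10.55 fix level stated above and reports three sysctls that control unprivileged use of namespaces, BPF and userfaultfd. The function names and the choice of sysctls are assumptions, and the version comparison applies only to the 5.10 stable series.

```shell
#!/bin/sh
# Added example, not JCloud tooling. Function names are hypothetical.
FIXED_PATCH=55   # 5.10.55 is the fix level stated in the advisory

# Exit 0 if kernel release $1 is >= 5.10.55, 1 if older, 2 if it is not a
# 5.10.x release (other stable series have their own fix levels, not listed here).
kernel_is_fixed() {
    ver=${1%%[-+]*}            # drop distro suffix: 5.10.54-amd64 -> 5.10.54
    case $ver in
        5.10.*) ;;
        *) return 2 ;;
    esac
    patch=${ver#5.10.}
    patch=${patch%%[!0-9]*}    # keep leading digits only
    [ -n "$patch" ] || return 2
    [ "$patch" -ge "$FIXED_PATCH" ]
}

# Print sysctls governing unprivileged namespaces, BPF and userfaultfd.
# Assumption: these three knobs stand in for the advisory's feature list;
# setuid mount and FUSE are not covered.
# $1 is the sysctl root (default /proc/sys); missing knobs print "absent".
feature_report() {
    root=${1:-/proc/sys}
    for knob in user/max_user_namespaces kernel/unprivileged_bpf_disabled \
                vm/unprivileged_userfaultfd; do
        if [ -r "$root/$knob" ]; then
            echo "$knob=$(cat "$root/$knob")"
        else
            echo "$knob=absent"
        fi
    done
}

rc=0
kernel_is_fixed "$(uname -r)" || rc=$?
case $rc in
    0) echo "kernel $(uname -r): at or above 5.10.55" ;;
    1) echo "kernel $(uname -r): below 5.10.55, update needed" ;;
    *) echo "kernel $(uname -r): not a 5.10.x release, check vendor advisory" ;;
esac
feature_report
```

A value of 0 for `user/max_user_namespaces` or `vm/unprivileged_userfaultfd`, or a non-zero value for `kernel/unprivileged_bpf_disabled`, means the corresponding feature is closed to unprivileged users.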
All related and known security vulnerabilities have been corrected with software updates no later than August 10th.
JCERT, 2021-08-03