Patch these Juniper Networks bugs, CISA says

  • 📰 TheRegister


CISA pulls the fire alarm on Juniper Networks bugs

Key thing here is review: some of these flaws can be exploited to bring down equipment, or allow a rogue non-admin insider to take over a box. Some may not be directly exploitable but present in software within Juniper's products. So, review the risk, and update accordingly. […] in Junos Space, the vendor's network management software, which Juniper collectively rated "critical."

All of the other products' critical security updates note that Juniper is not aware of any malicious exploitation — but that notice is conspicuously absent from the Junos Space flaws and the vendor didn't respond to […]

According to the bulletin, which collectively rated 31 Junos Space bugs as critical, the vulns affect several third-party products including nginx resolver, Oracle Java SE, OpenSSH, Samba, the RPM package manager, Kerberos, OpenSSL, the Linux kernel, curl, and MySQL Server.

One of these, tracked as CVE-2021-23017 in nginx resolver, received a CVSS severity score of 9.4 out of 10, and if exploited could allow an attacker to crash the entire system. It "might allow an attacker who is able to forge UDP packets from the DNS server to cause one-byte memory overwrite, resulting in worker process crash or potential other impact," Juniper warned.

While the vendor didn't provide details about the Policy Enforcer bugs, they received a 9.8 CVSS score, and there are "multiple" vulnerabilities in this product, according to the security bulletin. The flaws affect all versions of Junos Space Policy Enforcer prior to 22.1R1, and Juniper said it has fixed the issues.

The next group of critical vulnerabilities exists in third-party software used in the Contrail Networking product. In this security […] Upgrading to release 21.4.0 fixes the Open Container Initiative-compliant Red Hat Universal Base Image container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8, the vendor explained in the alert.

 
