Alert GCSA-21089 - Security update for Adobe products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




******************************************************************

alert ID: GCSA-21089
date: 19 August 2021
title: Security updates for Adobe products

******************************************************************

:: Problem description

Adobe has released the following security updates to address
numerous vulnerabilities, many of them rated critical
(CVSS 9.1, CVSS 8.8, CVSS 8.4, CVSS 8.1).

APSB21-60 Security update available for Adobe Captivate
APSB21-64 Security update available for Adobe Commerce
APSB21-65 Security update available for Adobe XMP Toolkit SDK
APSB21-66 Security update available for Adobe Connect
APSB21-68 Security update available for Adobe Photoshop
APSB21-69 Security update available for Adobe Bridge
APSB21-70 Security update available for Adobe Media Encoder

More information is available in the "References" section.


:: Affected software

Adobe Captivate 11.5.5 and earlier versions for macOS
Adobe Commerce 2.4.2 and earlier versions for all operating systems
Adobe Commerce 2.4.2-p1 and earlier versions for all operating systems
Adobe Commerce 2.3.7 and earlier versions for all operating systems
Magento Commerce and Open Source versions earlier than 2.4.3 for all operating systems
Magento Commerce and Open Source versions earlier than 2.4.2-p2 for all operating systems
Magento Commerce and Open Source versions earlier than 2.3.1-p1 for all operating systems
Adobe XMP-Toolkit-SDK 2020.1 and earlier versions for all operating systems
Adobe Connect versions earlier than 11.2.3 for all operating systems
Adobe Photoshop 2020 21.2.10 and earlier versions for Windows and macOS
Adobe Photoshop 2021 22.4.3 and earlier versions for Windows and macOS
Adobe Bridge 11.1 and earlier versions for Windows
Adobe Media Encoder 15.4 and earlier versions for Windows


:: Impact

Remote execution of arbitrary code (RCE)
Access to confidential information (ID)
Tampering (Data Manipulation)
Elevation of privilege (EoP)
Denial of Service (DoS)


:: Solutions

For Adobe Captivate there is no update, only a hotfix:
https://helpx.adobe.com/captivate/kb/access-privilege-fix.html

For the remaining software, update to the latest versions:

Adobe Commerce 2.4.3, 2.4.2-p2, 2.3.7-p1
Magento Commerce and Open Source versions 2.4.3, 2.4.2-p2, 2.3.7-p1
Adobe XMP-Toolkit-SDK 2021.07
Adobe Connect 11.2.3
Adobe Photoshop 2020 21.2.11
Adobe Photoshop 2021 22.5
Adobe Bridge 11.1.1
Adobe Bridge 10.1.3
Adobe Media Encoder 15.4.1


:: References

Adobe Security Bulletins and Advisories
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/captivate/apsb21-60.html
https://helpx.adobe.com/security/products/magento/apsb21-64.html
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
https://helpx.adobe.com/security/products/connect/apsb21-66.html
https://helpx.adobe.com/security/products/photoshop/apsb21-68.html
https://helpx.adobe.com/security/products/bridge/apsb21-69.html
https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-security-updates-multiple-products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/adobe-releases-multiple-security-updates

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36079





GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert





-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYR4luAAKCRDBnEyTZRJg
Qs+2AKCcLCtUk2l5YuEi4YP1z2bXgJIIPwCeI3VxB2DEyZIzSxUFa316XcTRxI0=
=PyQu
-----END PGP SIGNATURE-----