{"id":263425,"date":"2022-07-18T03:04:26","date_gmt":"2022-07-18T05:04:26","guid":{"rendered":"https:\/\/teknomers.com\/fr\/juniper-publie-des-correctifs-pour-les-failles-critiques-dans-junos-os-et-contrail-networking\/"},"modified":"2022-07-18T03:04:27","modified_gmt":"2022-07-18T05:04:27","slug":"juniper-publie-des-correctifs-pour-les-failles-critiques-dans-junos-os-et-contrail-networking","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/juniper-publie-des-correctifs-pour-les-failles-critiques-dans-junos-os-et-contrail-networking\/","title":{"rendered":"Juniper publie des correctifs pour les failles critiques dans Junos OS et Contrail Networking"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Juniper Networks a pouss\u00e9 les mises \u00e0 jour de s\u00e9curit\u00e9 pour r\u00e9pondre <a rel=\"nofollow noopener\" href=\"https:\/\/kb.juniper.net\/InfoCenter\/index?page=content&amp;channel=SECURITY_ADVISORIES\" target=\"_blank\">plusieurs vuln\u00e9rabilit\u00e9s<\/a> affectant plusieurs produits, dont certains pourraient \u00eatre exploit\u00e9s pour prendre le contr\u00f4le des syst\u00e8mes concern\u00e9s.<\/p>\n<p>Les failles les plus critiques affectent Junos Space et Contrail Networking, la soci\u00e9t\u00e9 technologique exhortant les clients \u00e0 publier respectivement les versions 22.1R1 et 21.4.0.<\/p>\n<p>Le principal d&#8217;entre eux est une collection de 31 bogues dans le logiciel de gestion de r\u00e9seau Junos Space, y compris CVE-2021-23017 (score CVSS\u00a0: 9,4) qui pourraient entra\u00eener un plantage d&#8217;appareils vuln\u00e9rables ou m\u00eame entra\u00eener l&#8217;ex\u00e9cution de code arbitraire.<\/p>\n<p>&#8220;Un probl\u00e8me de s\u00e9curit\u00e9 dans le r\u00e9solveur nginx a \u00e9t\u00e9 identifi\u00e9, ce qui pourrait permettre \u00e0 un attaquant capable de falsifier des paquets UDP \u00e0 partir du serveur DNS de provoquer un \u00e9crasement de m\u00e9moire de 1 octet, entra\u00eenant un plantage du processus de travail ou un autre impact potentiel&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218?language=en_US\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>La m\u00eame faille de s\u00e9curit\u00e9 a \u00e9galement \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2?language=en_US\" target=\"_blank\">corrig\u00e9<\/a> dans Northstar Controller dans les versions 5.1.0 Service Pack 6 et 6.2.2.<\/p>\n<p>De plus, le fabricant d&#8217;\u00e9quipements de r\u00e9seautage a mis en garde contre <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9?language=en_US\" target=\"_blank\">plusieurs probl\u00e8mes connus<\/a> exister dans <a rel=\"nofollow noopener\" href=\"https:\/\/wiki.centos.org\/Manuals\/ReleaseNotes\/CentOS6.8\" target=\"_blank\">Cent OS 6.8<\/a> fourni avec Junos Space Policy Enforcer avant <a rel=\"nofollow noopener\" href=\"https:\/\/www.juniper.net\/documentation\/en_US\/junos-space22.1\/policy-enforcer\/information-products\/topic-collections\/release-notes\/22.1\/jd0e30.html#jd0e30\" target=\"_blank\">version 22.1R1<\/a>.  En guise d&#8217;att\u00e9nuation, la version de CentOS fournie avec le composant Policy Enforcer a \u00e9t\u00e9 mise \u00e0 niveau vers la version 7.9.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowdsec-tour-d\" target=\"_blank\" title=\"CyberSecurity\"><img loading=\"lazy\" decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ\/s1600\/crowdsec-728.jpg\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Sont \u00e9galement r\u00e9pertori\u00e9es 166 vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 affectant son produit Contrail Networking qui affectent toutes les versions ant\u00e9rieures \u00e0 21.4.0 et ont re\u00e7u collectivement le score CVSS maximum de 10,0.<\/p>\n<p>&#8220;Plusieurs vuln\u00e9rabilit\u00e9s dans les logiciels tiers utilis\u00e9s dans Juniper Networks Contrail Networking ont \u00e9t\u00e9 r\u00e9solues dans la version 21.4.0 en mettant \u00e0 niveau l&#8217;image de conteneur Red Hat Universal Base Image (UBI) conforme \u00e0 l&#8217;Open Container Initiative (OCI) de Red Hat Enterprise Linux 7 vers Red Hat Enterprise Linux 8&#8221;, il <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4?language=en_US\" target=\"_blank\">c&#8217;est not\u00e9<\/a> dans un avis.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/07\/juniper-releases-patches-for-critical.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Juniper Networks a pouss\u00e9 les mises \u00e0 jour de s\u00e9curit\u00e9 pour r\u00e9pondre plusieurs vuln\u00e9rabilit\u00e9s affectant plusieurs produits, dont certains pourraient \u00eatre exploit\u00e9s pour prendre le contr\u00f4le des syst\u00e8mes concern\u00e9s. Les failles les plus critiques affectent Junos Space et Contrail Networking, la soci\u00e9t\u00e9 technologique exhortant les clients \u00e0 publier respectivement les versions 22.1R1 et 21.4.0. Le [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":263426,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,90724,15954,5729,4158,4165,4161,429,133,4806,90722,90723,4157,4159,4171,4170,65,4167,4160,90725,4163,4162,185,2212,4172,4169,4166,4164],"class_list":["post-263425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-contrail","tag-correctifs","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-des","tag-failles","tag-juniper","tag-junos","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-networking","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-publie","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/263425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=263425"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/263425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/263426"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=263425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=263425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=263425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}