[Ach] Fwd: [cert-announces] CERT.be Newsletter NEW2013-46
David Durvaux
david.durvaux at belnet.be
Thu Nov 14 16:29:44 CET 2013
FYI ;)
Read 4th paragraph^.
-------- Original Message --------
Subject: [cert-announces] CERT.be Newsletter NEW2013-46
Date: Thu, 14 Nov 2013 16:24:53 +0100
From: CERT.be team (David Durvaux) <info at cert.be>
Reply-To: info at cert.be
To: cert-announces at lists.belnet.be
+++
0.
Vulnerabilities and updates
Weeks pass and vulnerabilities arrive with their fixes. As usual,
we strongly recommend that you keep your software updated as it's one
of the most efficient ways to keep your systems secure. Patching your
system is even the 2nd best mitigation strategy proposed by the
governmental CERT in Australia ([1]).
IBM WebSphere Portal important vulnerability
A vulnerability was discovered in the URL manipulation of IBM
WebSphere Portal. The vulnerability has received a score of 7.1, which
corresponds to high risk! If you are using IBM WebSphere Portal in
your infrastructure, we strongly recommend that you quickly update
your software. ([2], [3] & [4]).
Adobe hacked, let's check your data...
LastPass, which is well known for its product to help you to keep your
password secure, published a website where you can check if your data
were part of the data compromised when Adobe was attacked in October.
No clue on how to correctly understand crypto?
Are you a system administrator or a software developer? Probably you
are willing to use crypto but AES, 3DES, Diffie-Hellman sound like
monster names. Or, those names are familiar to you but you don't know
which one should be used and how? For those reasons, a nice new
project has been started by a group of Austrians to write a guide with
best practices for system administrators and software developers.
The core idea is to offer a cookbook from which you can simply copy /
paste without making mistakes. As the best crypto doesn't rely on
obfuscation, the guide is itself open-source and open for review! So,
crypto experts, developers, administrators, go to their website ([6])
and feel free to contribute or to give feedback!
[1] http://www.asd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm
[2] http://www-01.ibm.com/support/docview.wss?uid=swg21655656
[3] http://xforce.iss.net/xforce/xfdb/88253
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5454
[5] https://lastpass.com/adobe/
[6] http://www.bettercrypto.org/
+++
1.
Mandriva (Mandrake)
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Apple
Apple advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/apple
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Linux
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Ubuntu update for maas
Severity: low
http://secunia.com/advisories/55567
Red Hat update for java-1.7.0-ibm
Severity: high
http://secunia.com/advisories/55528
Red Hat update for java-1.6.0-ibm
Severity: high
http://secunia.com/advisories/55496
Red Hat update for java-1.5.0-ibm
Severity: high
http://secunia.com/advisories/55472
Debian
Debian advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/linux/debian
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Debian update for spip
Severity: low
http://secunia.com/advisories/55551
Debian update for icedove
Severity: high
http://secunia.com/advisories/55073
Debian update for torque
Severity: medium
http://secunia.com/advisories/55535
Mandriva
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Red Hat
Red Hat advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/linux/red-hat
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Red Hat update for java-1.7.0-ibm
Severity: high
http://secunia.com/advisories/55528
Red Hat update for java-1.6.0-ibm
Severity: high
http://secunia.com/advisories/55496
Red Hat update for java-1.5.0-ibm
Severity: high
http://secunia.com/advisories/55472
Red Hat update for spacewalk-java
Severity: medium
http://secunia.com/advisories/55673
Red Hat update for rhn-java-sat
Severity: medium
http://secunia.com/advisories/55672
Red Hat update for flash-plugin
Severity: high
http://secunia.com/advisories/55723
SuSE
SuSE advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/linux/suse
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
SUSE update for apache2-mod_fcgid
Severity: medium
http://secunia.com/advisories/55533
Microsoft Windows
Microsoft Windows advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/microsoft-windows
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Microsoft SharePoint Multiple Vulnerabilities
Severity: high
http://secunia.com/advisories/54741
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: critical
http://secunia.com/advisories/54884
Microsoft Windows Hyper-V Hypercall Function Parameter Handling
Vulnerability
Severity: low
http://secunia.com/advisories/55550
Microsoft Windows Flash Player Two Memory Corruption Vulnerabilities
Severity: high
http://secunia.com/advisories/55534
Microsoft Windows GDI "SetDIBitsToDevice()" API BITMAPINFOHEADER
Processing biClrUsed Integer Overflow Vulnerability
Severity: high
http://secunia.com/advisories/50000
Microsoft Windows X.509 Certificate Parsing Denial of Service Vulnerability
Severity: low
http://secunia.com/advisories/55629
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: high
http://secunia.com/advisories/55054
Microsoft Windows Ancillary Function Driver Information Disclosure Weakness
Severity: low
http://secunia.com/advisories/55558
Microsoft Windows InformationCardSigninHelper Class ActiveX Control
Code Execution Vulnerability
Severity: critical
http://secunia.com/advisories/55611
Microsoft Windows DirectAccess Server Connections Authentication
Spoofing Weakness
Severity: low
http://secunia.com/advisories/55701
HPUX
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Other UNIX-flavors
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Solaris
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
FreeBSD
FreeBSD advisories on the CERT.be site:
https://www.cert.be/pro/advisories/operating-systems/freebsd
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Software
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
eGroupware HTML File Uploads Script Insertion Vulnerability
Severity: low
http://secunia.com/advisories/54368
Other servers
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
eGroupware HTML File Uploads Script Insertion Vulnerability
Severity: low
http://secunia.com/advisories/54368
Spacewalk Unrestricted Administrative User Creation Security Issue
Severity: medium
http://secunia.com/advisories/55664
Network gear
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Cisco ASA Software IPv6 NAT Implementation Denial of Service Vulnerability
Severity: low
http://secunia.com/advisories/55592
Cisco Adaptive Security Appliance (ASA) Phone Proxy Process Certificate
Verification Security Issue
Severity: low
http://secunia.com/advisories/55632
Cisco Adaptive Security Appliance (ASA) Auto-Update Denial of Service
Vulnerability
Severity: low
http://secunia.com/advisories/55619
Cisco Content Services Gateway Access Policy Security Bypass Vulnerability
Severity: low
http://secunia.com/advisories/55598
Cisco Nexus 4000 Series NX-OS IPv6 Denial of Service Vulnerability
Severity: low
http://secunia.com/advisories/55698
Juniper Network and Security Manager Apache Tomcat Weakness and
Vulnerability
Severity: low
http://secunia.com/advisories/55714
Cisco IOS SSL VPN Interface DTLS Packets Handling Denial of Service
Vulnerability
Severity: low
http://secunia.com/advisories/55694
Juniper Junos Space MySQL Multiple Vulnerabilities
Severity: low
http://secunia.com/advisories/55712
Ubuntu
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Ubuntu update for kernel
Severity: low
http://secunia.com/advisories/55668
Ubuntu update for kernel
Severity: low
http://secunia.com/advisories/55667
Ubuntu update for openssh
Severity: low
http://secunia.com/advisories/55670
Ubuntu update for spice
Severity: low
http://secunia.com/advisories/55646
Ubuntu update for libav
Severity: medium
http://secunia.com/advisories/55601
Ubuntu update for libvirt
Severity: low
http://secunia.com/advisories/55605
Ubuntu update for libxml-security-java
Severity: low
http://secunia.com/advisories/55636
Ubuntu update for libcommons-fileupload-java
Severity: medium
http://secunia.com/advisories/55716
Fedora
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
http://secunia.com/advisories/55594
Operating Systems
Red Hat update for java-1.7.0-ibm
Severity: high
http://secunia.com/advisories/55528
Red Hat update for java-1.6.0-ibm
Severity: high
http://secunia.com/advisories/55496
Red Hat update for java-1.5.0-ibm
Severity: high
http://secunia.com/advisories/55472
Ubuntu update for libxml-security-java
Severity: low
http://secunia.com/advisories/55636
Ubuntu update for libcommons-fileupload-java
Severity: medium
http://secunia.com/advisories/55716
Web servers
Microsoft SharePoint Multiple Vulnerabilities
Severity: high
http://secunia.com/advisories/54741
Microsoft SharePoint Server Two Vulnerabilities
Severity: high
http://secunia.com/advisories/55131
Debian update for lighttpd
Severity: low
http://secunia.com/advisories/55682
SUSE update for apache2-mod_fcgid
Severity: medium
http://secunia.com/advisories/55533
Web browsers
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: critical
http://secunia.com/advisories/54884
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: high
http://secunia.com/advisories/55054
Google Chrome Multiple Vulnerabilities
Severity: high
http://secunia.com/advisories/55637
Debian update for icedove
Severity: high
http://secunia.com/advisories/55073
Adobe
Adobe ColdFusion Two Vulnerabilities
Severity: low
http://secunia.com/advisories/55624
Adobe Flash Player / AIR Two Memory Corruption Vulnerabilities
Severity: high
http://secunia.com/advisories/55527
Office suites
Microsoft Outlook X.509 S/MIME AIA Information Disclosure Vulnerability
Severity: low
http://secunia.com/advisories/55574
Microsoft Office Multiple WordPerfect Document Parsing Vulnerabilities
Severity: high
http://secunia.com/advisories/55539
Number of advisories between 07-11-2013 12:00 and Today
#11 : Microsoft Windows
#9 : Network gear
#9 : Ubuntu
#7 : Red Hat
#5 : Operating Systems
#5 : Linux
#4 : Web servers
#4 : Debian
#4 : Web browsers
#3 : Other servers
#2 : Software
#2 : Office suites
#2 : SuSE
#2 : Adobe
#1 : Fedora
#1 : Solaris
#1 : Mandriva
#1 : Apple
#1 : HPUX
#1 : Other UNIX-flavors
#1 : Mandriva (Mandrake)
#1 : FreeBSD
+++
That's it for this time! You'll find this newsletter along with
our other material on our web site at https://www.cert.be/
The CERT.be Team.
___________________________________________________________
CERT.be cert-announces mailinglist
Archives: http://lists.belnet.be/wws/arc/cert-announces
Website: https://www.cert.be/
(un)subscribe: http://lists.belnet.be/wws/subrequest/cert-announces
cert-announces at lists.belnet.be