[Ach] Fwd: [cert-announces] CERT.be Newsletter NEW2013-46
David Durvaux
david.durvaux at gmail.com
Thu Nov 14 16:37:13 CET 2013
A new version will be sent out.
The draft was released by accident :'(.
Anyway, the content is the same in correct English :-D.
2013/11/14 David Durvaux <david.durvaux at belnet.be>
>
> FYI ;)
> Read 4th paragraph.
>
> -------- Original Message --------
> Subject: [cert-announces] CERT.be Newsletter NEW2013-46
> Date: Thu, 14 Nov 2013 16:24:53 +0100
> From: CERT.be team (David Durvaux) <info at cert.be>
> Reply-To: info at cert.be
> To: cert-announces at lists.belnet.be
>
>
> +++
> 0.
>
> Vulnerabilities and updates
>
> Weeks pass and vulnerabilities arrive with their fixes. As usual,
> we strongly recommend that you keep your software updated as it's one
> of the most efficient ways to keep your systems secure. Patching your
> system is even the 2nd best mitigation strategy proposed by the
> governmental CERT in Australia ([1]).
>
>
> IBM WebSphere Portal important vulnerability
>
> A vulnerability was discovered in the URL manipulation of IBM
> WebSphere Portal. The vulnerability has received a score of 7.1 which
> corresponds to high risk! If you are using IBM WebSphere Portal in
> your infrastructure, we strongly recommend that you quickly update
> your software. ([2], [3] & [4]).
>
>
> Adobe hacked, let's check your data...
>
> LastPass, which is well known for its product to help you keep your
> password secure, published a website where you can check if your data was
> part of the data compromised when Adobe was attacked in October.
>
>
> No clue on how to correctly understand crypto?
>
> Are you a system administrator or a software developer? Probably you
> are willing to use crypto but AES, 3DES, Diffie-Hellman sound like
> monster names. Or, those names are familiar to you but you don't know
> which one should be used and how? For those reasons, a nice new
> project has been started by a group of Austrians to write a guide with
> best practices for system administrators and software developers.
> The core idea is to offer a cookbook from which you can simply copy /
> paste without making mistakes. As the best crypto doesn't rely on
> obfuscation, the guide is itself open-source and open for review! So,
> crypto experts, developers, administrators, go to their website ([6])
> and feel free to contribute or to give feedback!
>
>
> [1] http://www.asd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm
> [2] http://www-01.ibm.com/support/docview.wss?uid=swg21655656
> [3] http://xforce.iss.net/xforce/xfdb/88253
> [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5454
> [5] https://lastpass.com/adobe/
> [6] http://www.bettercrypto.org/
>
>
> +++
> 1.
>
>
> Mandriva (Mandrake)
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Apple
> Apple advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/apple
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Linux
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Ubuntu update for maas
> Severity: low
> http://secunia.com/advisories/55567
>
> Red Hat update for java-1.7.0-ibm
> Severity: high
> http://secunia.com/advisories/55528
>
> Red Hat update for java-1.6.0-ibm
> Severity: high
> http://secunia.com/advisories/55496
>
> Red Hat update for java-1.5.0-ibm
> Severity: high
> http://secunia.com/advisories/55472
>
>
> Debian
> Debian advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/linux/debian
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Debian update for spip
> Severity: low
> http://secunia.com/advisories/55551
>
> Debian update for icedove
> Severity: high
> http://secunia.com/advisories/55073
>
> Debian update for torque
> Severity: medium
> http://secunia.com/advisories/55535
>
>
> Mandriva
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Red Hat
> Red Hat advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/linux/red-hat
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Red Hat update for java-1.7.0-ibm
> Severity: high
> http://secunia.com/advisories/55528
>
> Red Hat update for java-1.6.0-ibm
> Severity: high
> http://secunia.com/advisories/55496
>
> Red Hat update for java-1.5.0-ibm
> Severity: high
> http://secunia.com/advisories/55472
>
> Red Hat update for spacewalk-java
> Severity: medium
> http://secunia.com/advisories/55673
>
> Red Hat update for rhn-java-sat
> Severity: medium
> http://secunia.com/advisories/55672
>
> Red Hat update for flash-plugin
> Severity: high
> http://secunia.com/advisories/55723
>
>
> SuSE
> SuSE advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/linux/suse
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> SUSE update for apache2-mod_fcgid
> Severity: medium
> http://secunia.com/advisories/55533
>
>
> Microsoft Windows
> Microsoft Windows advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/microsoft-windows
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Microsoft SharePoint Multiple Vulnerabilities
> Severity: high
> http://secunia.com/advisories/54741
>
> Microsoft Internet Explorer Multiple Vulnerabilities
> Severity: critical
> http://secunia.com/advisories/54884
>
> Microsoft Windows Hyper-V Hypercall Function Parameter Handling
> Vulnerability
> Severity: low
> http://secunia.com/advisories/55550
>
> Microsoft Windows Flash Player Two Memory Corruption Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55534
>
> Microsoft Windows GDI "SetDIBitsToDevice()" API BITMAPINFOHEADER
> Processing biClrUsed Integer Overflow Vulnerability
> Severity: high
> http://secunia.com/advisories/50000
>
> Microsoft Windows X.509 Certificate Parsing Denial of Service Vulnerability
> Severity: low
> http://secunia.com/advisories/55629
>
> Microsoft Internet Explorer Multiple Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55054
>
> Microsoft Windows Ancillary Function Driver Information Disclosure Weakness
> Severity: low
> http://secunia.com/advisories/55558
>
> Microsoft Windows InformationCardSigninHelper Class ActiveX Control
> Code Execution Vulnerability
> Severity: critical
> http://secunia.com/advisories/55611
>
> Microsoft Windows DirectAccess Server Connections Authentication
> Spoofing Weakness
> Severity: low
> http://secunia.com/advisories/55701
>
>
> HPUX
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Other UNIX-flavors
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Solaris
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> FreeBSD
> FreeBSD advisories on the CERT.be site: https://www.cert.be/pro/advisories/operating-systems/freebsd
>
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Software
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> eGroupware HTML File Uploads Script Insertion Vulnerability
> Severity: low
> http://secunia.com/advisories/54368
>
>
> Other servers
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> eGroupware HTML File Uploads Script Insertion Vulnerability
> Severity: low
> http://secunia.com/advisories/54368
>
> Spacewalk Unrestricted Administrative User Creation Security Issue
> Severity: medium
> http://secunia.com/advisories/55664
>
>
> Network gear
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Cisco ASA Software IPv6 NAT Implementation Denial of Service Vulnerability
> Severity: low
> http://secunia.com/advisories/55592
>
> Cisco Adaptive Security Appliance (ASA) Phone Proxy Process Certificate
> Verification Security Issue
> Severity: low
> http://secunia.com/advisories/55632
>
> Cisco Adaptive Security Appliance (ASA) Auto-Update Denial of Service
> Vulnerability
> Severity: low
> http://secunia.com/advisories/55619
>
> Cisco Content Services Gateway Access Policy Security Bypass Vulnerability
> Severity: low
> http://secunia.com/advisories/55598
>
> Cisco Nexus 4000 Series NX-OS IPv6 Denial of Service Vulnerability
> Severity: low
> http://secunia.com/advisories/55698
>
> Juniper Network and Security Manager Apache Tomcat Weakness and
> Vulnerability
> Severity: low
> http://secunia.com/advisories/55714
>
> Cisco IOS SSL VPN Interface DTLS Packets Handling Denial of Service
> Vulnerability
> Severity: low
> http://secunia.com/advisories/55694
>
> Juniper Junos Space MySQL Multiple Vulnerabilities
> Severity: low
> http://secunia.com/advisories/55712
>
>
> Ubuntu
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
> Ubuntu update for kernel
> Severity: low
> http://secunia.com/advisories/55668
>
> Ubuntu update for kernel
> Severity: low
> http://secunia.com/advisories/55667
>
> Ubuntu update for openssh
> Severity: low
> http://secunia.com/advisories/55670
>
> Ubuntu update for spice
> Severity: low
> http://secunia.com/advisories/55646
>
> Ubuntu update for libav
> Severity: medium
> http://secunia.com/advisories/55601
>
> Ubuntu update for libvirt
> Severity: low
> http://secunia.com/advisories/55605
>
> Ubuntu update for libxml-security-java
> Severity: low
> http://secunia.com/advisories/55636
>
> Ubuntu update for libcommons-fileupload-java
> Severity: medium
> http://secunia.com/advisories/55716
>
>
> Fedora
> OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
> Severity: low
> http://secunia.com/advisories/55594
>
>
> Operating Systems
> Red Hat update for java-1.7.0-ibm
> Severity: high
> http://secunia.com/advisories/55528
>
> Red Hat update for java-1.6.0-ibm
> Severity: high
> http://secunia.com/advisories/55496
>
> Red Hat update for java-1.5.0-ibm
> Severity: high
> http://secunia.com/advisories/55472
>
> Ubuntu update for libxml-security-java
> Severity: low
> http://secunia.com/advisories/55636
>
> Ubuntu update for libcommons-fileupload-java
> Severity: medium
> http://secunia.com/advisories/55716
>
>
> Web servers
> Microsoft SharePoint Multiple Vulnerabilities
> Severity: high
> http://secunia.com/advisories/54741
>
> Microsoft SharePoint Server Two Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55131
>
> Debian update for lighttpd
> Severity: low
> http://secunia.com/advisories/55682
>
> SUSE update for apache2-mod_fcgid
> Severity: medium
> http://secunia.com/advisories/55533
>
>
> Web browsers
> Microsoft Internet Explorer Multiple Vulnerabilities
> Severity: critical
> http://secunia.com/advisories/54884
>
> Microsoft Internet Explorer Multiple Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55054
>
> Google Chrome Multiple Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55637
>
> Debian update for icedove
> Severity: high
> http://secunia.com/advisories/55073
>
>
> Adobe
> Adobe ColdFusion Two Vulnerabilities
> Severity: low
> http://secunia.com/advisories/55624
>
> Adobe Flash Player / AIR Two Memory Corruption Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55527
>
>
> Office suites
> Microsoft Outlook X.509 S/MIME AIA Information Disclosure Vulnerability
> Severity: low
> http://secunia.com/advisories/55574
>
> Microsoft Office Multiple WordPerfect Document Parsing Vulnerabilities
> Severity: high
> http://secunia.com/advisories/55539
>
> Number of advisories between 07-11-2013 12:00 and Today
> #11 : Microsoft Windows
> #9 : Network gear
> #9 : Ubuntu
> #7 : Red Hat
> #5 : Operating Systems
> #5 : Linux
> #4 : Web servers
> #4 : Debian
> #4 : Web browsers
> #3 : Other servers
> #2 : Software
> #2 : Office suites
> #2 : SuSE
> #2 : Adobe
> #1 : Fedora
> #1 : Solaris
> #1 : Mandriva
> #1 : Apple
> #1 : HPUX
> #1 : Other UNIX-flavors
> #1 : Mandriva (Mandrake)
> #1 : FreeBSD
>
>
> +++
> That's it for this time! You'll find this newsletter along with
> our other material on our web site at https://www.cert.be/
>
> The CERT.be Team.
> ___________________________________________________________
> CERT.be cert-announces mailinglist
> Archives: http://lists.belnet.be/wws/arc/cert-announces
> Website: https://www.cert.be/
> (un)subscribe: http://lists.belnet.be/wws/subrequest/cert-announces
>
> cert-announces at lists.belnet.be
>
>
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
--
David DURVAUX