<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Ter info ;)<br>
Read 4th paragraĥ.<br>
<div class="moz-forward-container"><br>
-------- Message original --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Sujet: </th>
<td>[cert-announces] CERT.be Newsletter NEW2013-46</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date : </th>
<td>Thu, 14 Nov 2013 16:24:53 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">De : </th>
<td>CERT.be team (David Durvaux) <a class="moz-txt-link-rfc2396E" href="mailto:info@cert.be"><info@cert.be></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Répondre
à : </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:info@cert.be">info@cert.be</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Pour : </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:cert-announces@lists.belnet.be">cert-announces@lists.belnet.be</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>+++
0.
Vulnerabilities and updates
Weeks passes and vulnerabilities arrives with their fixes. As usual,
we strongly recommend that you keep your software updated as it's one
of the most efficient way to keep your systems secure. Patching your
system is event the 2nd best mitigation strategy proposed by the
governmental CERT in Australia ([1])
IBM WebSphere Portal important vulnerability
A vulnerability was discovered in the URL manipulation of IBM
WebSphere Portal. The vulnerability has received a score of 7.1 which
correspond to high risk! If you are using IBM WebSphere Portal in
your infrastructure, we strongly recommend that you quickly update
your software. ([2], [3] & [4]).
Adobe hacked, let's check your data...
LastPass, which is well known for his product to help you to keep your
password secure, published a website where you check if your data were
part of the data compromised when Adobe was attacked in October.
No clue no how to correctly understand crypto?
Are you a system administrator or a software developer? Probably you
are willing to use crypto but AES, 3DES, Diffie-Helleman sounds like
monster names. Or, those names are familiar to you but you don't know
which one should be used and how? For those reasons, a nice new
project has been started by a group of Austrian to wrote a guide with
best practices toward system administrator and software developer.
The core idea is to offer a cookbook from which you can simply copy /
paste without doing mistake. As the best crypto doesn't rely on
obfuscation, the guide is itself open-source and open for review! So,
crypto experts, developers, administrators go to their website ([6])
and feel free to contribute or to give back feedback!
[1] <a class="moz-txt-link-freetext" href="http://www.asd.gov.au/infosec/top-mitigations/">http://www.asd.gov.au/infosec/top-mitigations/</a>
top35mitigationstrategies-list.htm
[2] <a class="moz-txt-link-freetext" href="http://www-01.ibm.com/support/">http://www-01.ibm.com/support/</a>
docview.wss?uid=swg21655656
[3] <a class="moz-txt-link-freetext" href="http://xforce.iss.net/xforce/xfdb/88253">http://xforce.iss.net/xforce/xfdb/88253</a>
[4] <a class="moz-txt-link-freetext" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5454">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5454</a>
[5] <a class="moz-txt-link-freetext" href="https://lastpass.com/adobe/">https://lastpass.com/adobe/</a>
[6] <a class="moz-txt-link-freetext" href="http://www.bettercrypto.org/">http://www.bettercrypto.org/</a>
+++
1.
Mandriva (Mandrake)
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Apple
Apple advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/apple">https://www.cert.be/pro/advisories/operating-systems/apple</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Linux
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Ubuntu update for maas
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55567">http://secunia.com/advisories/55567</a>
Red Hat update for java-1.7.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55528">http://secunia.com/advisories/55528</a>
Red Hat update for java-1.6.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55496">http://secunia.com/advisories/55496</a>
Red Hat update for java-1.5.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55472">http://secunia.com/advisories/55472</a>
Debian
Debian advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/linux/debian">https://www.cert.be/pro/advisories/operating-systems/linux/debian</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Debian update for spip
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55551">http://secunia.com/advisories/55551</a>
Debian update for icedove
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55073">http://secunia.com/advisories/55073</a>
Debian update for torque
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55535">http://secunia.com/advisories/55535</a>
Mandriva
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Red Hat
Red Hat advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/linux/red-hat">https://www.cert.be/pro/advisories/operating-systems/linux/red-hat</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Red Hat update for java-1.7.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55528">http://secunia.com/advisories/55528</a>
Red Hat update for java-1.6.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55496">http://secunia.com/advisories/55496</a>
Red Hat update for java-1.5.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55472">http://secunia.com/advisories/55472</a>
Red Hat update for spacewalk-java
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55673">http://secunia.com/advisories/55673</a>
Red Hat update for rhn-java-sat
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55672">http://secunia.com/advisories/55672</a>
Red Hat update for flash-plugin
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55723">http://secunia.com/advisories/55723</a>
SuSE
SuSE advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/linux/suse">https://www.cert.be/pro/advisories/operating-systems/linux/suse</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
SUSE update for apache2-mod_fcgid
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55533">http://secunia.com/advisories/55533</a>
Microsoft Windows
Microsoft Windows advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/microsoft-windows">https://www.cert.be/pro/advisories/operating-systems/microsoft-windows</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Microsoft SharePoint Multiple Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54741">http://secunia.com/advisories/54741</a>
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: critical
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54884">http://secunia.com/advisories/54884</a>
Microsoft Windows Hyper-V Hypercall Function Parameter Handling
Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55550">http://secunia.com/advisories/55550</a>
Microsoft Windows Flash Player Two Memory Corruption Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55534">http://secunia.com/advisories/55534</a>
Microsoft Windows GDI "SetDIBitsToDevice()" API BITMAPINFOHEADER
Processing biClrUsed Integer Overflow Vulnerability
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/50000">http://secunia.com/advisories/50000</a>
Microsoft Windows X.509 Certificate Parsing Denial of Service Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55629">http://secunia.com/advisories/55629</a>
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55054">http://secunia.com/advisories/55054</a>
Microsoft Windows Ancillary Function Driver Information Disclosure Weakness
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55558">http://secunia.com/advisories/55558</a>
Microsoft Windows InformationCardSigninHelper Class ActiveX Control
Code Execution Vulnerability
Severity: critical
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55611">http://secunia.com/advisories/55611</a>
Microsoft Windows DirectAccess Server Connections Authentication
Spoofing Weakness
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55701">http://secunia.com/advisories/55701</a>
HPUX
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Other UNIX-flavors
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Solaris
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
FreeBSD
FreeBSD advisories on the CERT.be site:
<a class="moz-txt-link-freetext" href="https://www.cert.be/pro/advisories/operating-systems/freebsd">https://www.cert.be/pro/advisories/operating-systems/freebsd</a>
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Software
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
eGroupware HTML File Uploads Script Insertion Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54368">http://secunia.com/advisories/54368</a>
Other servers
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
eGroupware HTML File Uploads Script Insertion Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54368">http://secunia.com/advisories/54368</a>
Spacewalk Unrestricted Administrative User Creation Security Issue
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55664">http://secunia.com/advisories/55664</a>
Network gear
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Cisco ASA Software IPv6 NAT Implementation Denial of Service Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55592">http://secunia.com/advisories/55592</a>
Cisco Adaptive Security Appliance (ASA) Phone Proxy Process Certificate
Verification Security Issue
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55632">http://secunia.com/advisories/55632</a>
Cisco Adaptive Security Appliance (ASA) Auto-Update Denial of Service
Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55619">http://secunia.com/advisories/55619</a>
Cisco Content Services Gateway Access Policy Security Bypass Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55598">http://secunia.com/advisories/55598</a>
Cisco Nexus 4000 Series NX-OS IPv6 Denial of Service Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55698">http://secunia.com/advisories/55698</a>
Juniper Network and Security Manager Apache Tomcat Weakness and
Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55714">http://secunia.com/advisories/55714</a>
Cisco IOS SSL VPN Interface DTLS Packets Handling Denial of Service
Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55694">http://secunia.com/advisories/55694</a>
Juniper Junos Space MySQL Multiple Vulnerabilities
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55712">http://secunia.com/advisories/55712</a>
Ubuntu
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Ubuntu update for kernel
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55668">http://secunia.com/advisories/55668</a>
Ubuntu update for kernel
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55667">http://secunia.com/advisories/55667</a>
Ubuntu update for openssh
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55670">http://secunia.com/advisories/55670</a>
Ubuntu update for spice
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55646">http://secunia.com/advisories/55646</a>
Ubuntu update for libav
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55601">http://secunia.com/advisories/55601</a>
Ubuntu update for libvirt
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55605">http://secunia.com/advisories/55605</a>
Ubuntu update for libxml-security-java
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55636">http://secunia.com/advisories/55636</a>
Ubuntu update for libcommons-fileupload-java
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55716">http://secunia.com/advisories/55716</a>
Fedora
OpenSSH AES-GCM Ciphers Privilege Escalation Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55594">http://secunia.com/advisories/55594</a>
Operating Systems
Red Hat update for java-1.7.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55528">http://secunia.com/advisories/55528</a>
Red Hat update for java-1.6.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55496">http://secunia.com/advisories/55496</a>
Red Hat update for java-1.5.0-ibm
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55472">http://secunia.com/advisories/55472</a>
Ubuntu update for libxml-security-java
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55636">http://secunia.com/advisories/55636</a>
Ubuntu update for libcommons-fileupload-java
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55716">http://secunia.com/advisories/55716</a>
Web servers
Microsoft SharePoint Multiple Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54741">http://secunia.com/advisories/54741</a>
Microsoft SharePoint Server Two Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55131">http://secunia.com/advisories/55131</a>
Debian update for lighttpd
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55682">http://secunia.com/advisories/55682</a>
SUSE update for apache2-mod_fcgid
Severity: medium
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55533">http://secunia.com/advisories/55533</a>
Web browsers
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: critical
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/54884">http://secunia.com/advisories/54884</a>
Microsoft Internet Explorer Multiple Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55054">http://secunia.com/advisories/55054</a>
Google Chrome Multiple Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55637">http://secunia.com/advisories/55637</a>
Debian update for icedove
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55073">http://secunia.com/advisories/55073</a>
Adobe
Adobe ColdFusion Two Vulnerabilities
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55624">http://secunia.com/advisories/55624</a>
Adobe Flash Player / AIR Two Memory Corruption Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55527">http://secunia.com/advisories/55527</a>
Office suites
Microsoft Outlook X.509 S/MIME AIA Information Disclosure Vulnerability
Severity: low
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55574">http://secunia.com/advisories/55574</a>
Microsoft Office Multiple WordPerfect Document Parsing Vulnerabilities
Severity: high
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/55539">http://secunia.com/advisories/55539</a>
Number of advisories between 07-11-2013 12:00 and Today
#11 : Microsoft Windows
#9 : Network gear
#9 : Ubuntu
#7 : Red Hat
#5 : Operating Systems
#5 : Linux
#4 : Web servers
#4 : Debian
#4 : Web browsers
#3 : Other servers
#2 : Software
#2 : Office suites
#2 : SuSE
#2 : Adobe
#1 : Fedora
#1 : Solaris
#1 : Mandriva
#1 : Apple
#1 : HPUX
#1 : Other UNIX-flavors
#1 : Mandriva (Mandrake)
#1 : FreeBSD
+++
That's it for this time! You'll find this newsletter along with
our other material on our web site at <a class="moz-txt-link-freetext" href="https://www.cert.be/">https://www.cert.be/</a>
The CERT.be Team.
___________________________________________________________
CERT.be cert-announces mailinglist
Archives: <a class="moz-txt-link-freetext" href="http://lists.belnet.be/wws/arc/cert-announces">http://lists.belnet.be/wws/arc/cert-announces</a>
Website: <a class="moz-txt-link-freetext" href="https://www.cert.be/">https://www.cert.be/</a>
(un)subscribe: <a class="moz-txt-link-freetext" href="http://lists.belnet.be/wws/subrequest/cert-announces">http://lists.belnet.be/wws/subrequest/cert-announces</a>
<a class="moz-txt-link-abbreviated" href="mailto:cert-announces@lists.belnet.be">cert-announces@lists.belnet.be</a>
</pre>
<br>
</div>
<br>
</body>
</html>