[CERT-daily] Daily summary - Tuesday 14-03-2017

Daily end-of-shift report team at cert.at
Tue Mar 14 18:07:38 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 13-03-2017 18:00 − Tuesday 14-03-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Stored XSS in WordPress Core ***
---------------------------------------------
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, ..
---------------------------------------------
https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.htm




*** DSA-3808 imagemagick - security update ***
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3808




*** VMSA-2017-0004 ***
---------------------------------------------
VMware product updates resolve remote code execution vulnerability via Apache Struts 2
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0004.html




*** Background: On the life and death of 0days ***
---------------------------------------------
Many people discuss zero-day exploits, but very few have ever seen a live specimen. Two interesting studies yield surprising findings on the life expectancy of this dangerous species.
---------------------------------------------
https://heise.de/-3651392




*** Privacy: Obscuring the MAC address on Wi-Fi is almost useless ***
---------------------------------------------
Obscuring one's own MAC address on Wi-Fi is considered one of the central privacy protection features. On mobile devices, this protection is largely useless.
---------------------------------------------
https://www.golem.de/news/privatsphaere-verschleiern-der-mac-adresse-bei-wlan-ist-fast-nutzlos-1703-126709.html




*** Security Bulletins posted for Flash Player and Adobe Shockwave Player ***
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB17-07) and Adobe Shockwave Player (APSB17-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1449




*** Operators of critical infrastructure get access to government agency radio ***
---------------------------------------------
"Direct line" to the authorities in the event of a complete "blackout" – Interior Ministry provides radio devices ..
---------------------------------------------
http://derstandard.at/2000054157780




*** Red Hat Product Security Risk Report 2016 ***
---------------------------------------------
At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2957221

