[CERT-daily] Tageszusammenfassung - 17.01.2018

Wed Jan 17 18:11:59 CET 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-01-2018 18:00 − Mittwoch 17-01-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Linux-Kernel 4.15 schützt vor Meltdown und Spectre ∗∗∗
---------------------------------------------
Das noch diesen Monat erwartete Linux 4.15 versucht, die Prozessor-Sicherheitslücken Meltdown und Spectre im Zaum zu halten. Ohne Performance-Verlust geht das aber auch bei Linux nicht – und vollständig sind die Gegenmaßnahmen auch noch nicht.
---------------------------------------------
https://heise.de/-3900646


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Meltdown and Spectre Vulnerabilities (Update A) ∗∗∗
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities that was published January 11, 2018, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01A


∗∗∗ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wsa1


∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm


∗∗∗ Cisco StarOS CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros


∗∗∗ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma


∗∗∗ Oracle Critical Patch Update Advisory - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html


∗∗∗ Critical Patch Update - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html


∗∗∗ Solaris Third Party Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinjan2018-4181198.html


∗∗∗ Oracle Linux Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2018-4214643.html


∗∗∗ Oracle VM Server for x86 Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinjan2018-4214644.html


∗∗∗ WordPress 4.9.2 Security and Maintenance Release ∗∗∗
---------------------------------------------
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily