[CERT-daily] Tageszusammenfassung - 24.05.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 23-05-2018 18:00 − Donnerstag 24-05-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schneider Electric Patches XXE Vulnerability In Software ∗∗∗
---------------------------------------------
Schneider Electric on Tuesday issued fixes for a vulnerability its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data.
---------------------------------------------
https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs/132220/


∗∗∗ Bugtraq: [security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting ∗∗∗
---------------------------------------------
A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
References: CVE-2018-6495 - Corss-Site Scripting (XSS)
---------------------------------------------
http://www.securityfocus.com/archive/1/542037


∗∗∗ Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable. 
---------------------------------------------
http://www.securityfocus.com/bid/104252


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol).
---------------------------------------------
https://lwn.net/Articles/755540/


∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E


∗∗∗ IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099807


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099806


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016143


∗∗∗ IBM Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® Db2® (CVE-2018-1515). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016140


∗∗∗ IBM Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1488). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016141


∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to buffer overflow (CVE-2018-1459). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016142


∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016181


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015656


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016278


∗∗∗ IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099809


∗∗∗ IBM Security Bulletin: IBM Chassis Management Module (CMM) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099808


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2018 CPU ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016282

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily