[CERT-daily] Tageszusammenfassung - 18.12.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 17-12-2019 18:00 − Mittwoch 18-12-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Forthcoming OpenSSL release ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2u. This release will be made available on Friday 20th December 2019 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 previously announced here: https://www.openssl.org/news/secadv/20191206.txt
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2019-December/000164.html


∗∗∗ Betrügerische Zahlungsaufforderungen von top-urlaub.info nicht bezahlen! ∗∗∗
---------------------------------------------
Zahlreiche InternetnutzerInnen berichten uns momentan von betrügerischen Rechnungen und Zahlungsaufforderungen der Next Trip Ltd. Sie stoßen auf eine Werbung auf sozialen Netzwerken, die günstige Urlaubsangebote verspricht. Eine Registrierung führt zu hohen Zahlungsaufforderungen wegen einer angeblich abgeschlossenen Jahresmitgliedschaft. Die Rechnung über 239,90 Euro muss in derartigen Fällen nicht bezahlt werden!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-zahlungsaufforderungen-von-top-urlaubinfo-nicht-bezahlen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Google Releases Security Updates for Chrome for Windows, Mac, and Linux ∗∗∗
---------------------------------------------
Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/12/18/google-releases-security-updates-chrome-windows-mac-and-linux


∗∗∗ Microsoft Releases Out-of-Band Security Updates ∗∗∗
---------------------------------------------
Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/12/18/microsoft-releases-out-band-security-updates


∗∗∗ SpamAssassin 3.4.3 available ∗∗∗
---------------------------------------------
Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare to move to version 4.0.0 with better, native UTF-8 handling. There are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.3.  In this release, there are bug fixes for two CVEs.
---------------------------------------------
https://lwn.net/Articles/807539/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-edu-config, harfbuzz, libvorbis, and python-ecdsa), Fedora (chromium, fribidi, libssh, and openslp), openSUSE (chromium), Oracle (grub2), Red Hat (rh-maven35-apache-commons-beanutils), SUSE (kernel, libssh, mariadb, samba, and xen), and Ubuntu (openjdk-8, openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/807609/


∗∗∗ Dell XPS 13 2-in-1 (7390): Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/12/warnmeldung_tw-t19-0188.html


∗∗∗ GE S2020/S2020G Fast Switch 61850 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-351-01


∗∗∗ Security Advisory - Improper Access Control Vulnerability in Huawei Share ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-01-share-en


∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Huawei Share ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-02-share-en


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-02-smartphone-en


∗∗∗ Security Advisory - Information Disclosure Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-03-information-en


∗∗∗ Security Bulletin: vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect/


∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js by Prototype Pollution vulnerabiliy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-by-prototype-pollution-vulnerabiliy/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-the-ibm-flashsystem-models-v840-and-v9000/


∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-vulnerabilities/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/


∗∗∗ Security Bulletin: IBM Planning Analytics has addressed a Security Vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-the-ibm-flashsystem-models-840-and-900/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily