======================= = End-of-Shift report = =======================
Timeframe: Dienstag 18-06-2013 18:00 − Mittwoch 19-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter
*** Sybase EAServer Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53733
*** Java SE Critical Patch Update - June 2013 *** --------------------------------------------- Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products of which 4 are applicable to server deployments of Java. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htm...
*** Java 7 update 25 released (Tue, Jun 18th) *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htm... (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16025
*** Critical Update Plugs 40 Security Holes in Java *** --------------------------------------------- Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows. --------------------------------------------- https://krebsonsecurity.com/2013/06/critical-update-plugs-40-security-holes-...
*** Siemens WinCC 7.2 Multiple Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-169-02
*** Remote code execution vuln appears in Puppet *** --------------------------------------------- Big trouble in automated clouds - Puppet Labs has blasted out a security advisory about a vulnerability in the popular infrastructure management tool Puppet. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/18/puppet_secur...
*** Solaris 10 patch cluster File clobbering vulnerability *** --------------------------------------------- Topic: Solaris 10 patch cluster File clobbering vulnerability Risk: Medium Text:File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @_larry0 Hello, The 147147-2... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060154
*** Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability *** --------------------------------------------- Topic: Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability Risk: Medium Text:# Vulnerable Application All current and past versions of Joomla (http://www.joomla.org) up to 1.5.26, 2.5.11, 3.1.1. Also th... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060146
*** Symantec Endpoint Protection Manager Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in Symantec Endpoint Protection Manager, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53864
*** Angestellte wollen Hilfe bei IT-Sicherheit *** --------------------------------------------- Der Umgang mit Informationstechnik gehört auch für Angestellte in kleinen und mittelständischen Unternehmen zum täglichen Alltag. Einer Studie zufolge fühlten sie sich bei dieser Aufgabe jedoch vielfach alleingelassen. --------------------------------------------- http://futurezone.at/b2b/16584-angestellte-wollen-hilfe-bei-it-sicherheit.ph...