[CERT-daily] Tageszusammenfassung - Mittwoch 28-01-2015

Daily end-of-shift report team at cert.at
Wed Jan 28 18:09:12 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 27-01-2015 18:00 − Mittwoch 28-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 36.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/2755801




*** USN-2486-1: OpenJDK 6 vulnerabilities ***
---------------------------------------------
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could exploit these to cause a denial ..
---------------------------------------------
http://www.ubuntu.com/usn/usn-2486-1/




*** VMware Security Advisories - 1 New, 1 Updated, (Wed, Jan 28th) ***
---------------------------------------------
VMware has released an new and updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19241




*** Magnetrol HART DTM Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an improper input validation vulnerability in the CodeWrights GmbH HART DTM library utilized by some Magnetrol products.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-027-01




*** Schneider Electric Multiple Products Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in Schneider Electric's SoMove Lite software package.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-027-02




*** CodeWrights GmbH HART DTM Vulnerability (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the ICS-CERT web site. This updated advisory provides mitigation details for an improper input validation vulnerability in CodeWrights ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-012-01B




*** Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users ***
---------------------------------------------
A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is marketed as a more secure way to protect communications from government and criminal snoops.
---------------------------------------------
http://arstechnica.com/security/2015/01/bug-in-ultra-secure-blackphone-let-attackers-decrypt-texts-stalk-users/




*** CVE-2015-0016: Escaping the Internet Explorer Sandbox ***
---------------------------------------------
I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part of exploit mitigation techniques, any exploit that can break established sandboxes is worth a second look.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/




*** Multiple vulnerabilities in the FreeBSD kernel code ***
---------------------------------------------
Francisco Falcon from the Core Exploit Writers Team found multiple vulnerabilities in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=17882




*** Neue Apple-TV-Software behebt zahlreiche Sicherheitslücken ***
---------------------------------------------
Neben iOS 8.1.3 und OS X 10.10.2 hat Apple am Dienstagabend auch noch ein Update der Software seiner Multimediabox veröffentlicht. Neue Funktionen hat die offenbar nicht, dafür jede Menge Fixes.
---------------------------------------------
http://heise.de/-2530119




*** Apple security updates 27 Jan 2015 ***
---------------------------------------------
http://support.apple.com/en-us/HT1222


More information about the Daily mailing list