[CERT-daily] Tageszusammenfassung - 23.08.2018
Daily end-of-shift report
team at cert.at
Thu Aug 23 18:08:48 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 22-08-2018 18:00 − Donnerstag 23-08-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Intel erklärt Hardware-Schutz gegen Spectre- & Meltdown-Lücken ∗∗∗
---------------------------------------------
Kommende "Cascade Lake"-Xeons sind gegen Meltdown-Attacken unempfindlich und auch gegen viele Spectre-Attacken – aber Software-Patches bleiben nötig.
---------------------------------------------
http://heise.de/-4144368
∗∗∗ Tool - OpenSSH: Neue Version beseitigt 19 Jahre alte Lücke ∗∗∗
---------------------------------------------
War bereits in der allerersten Version der Software enthalten – Angreifer konnten Nutzernamen raten
---------------------------------------------
https://derstandard.at/2000085926326/OpenSSH-Neue-Version-beseitigt-19-Jahre-alte-Luecke
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and tomcat-native), Fedora (axis, CuraEngine-lulzbot, nodejs, python-uranium-lulzbot, and sleuthkit), Gentoo (chromium, lxc, networkmanager-vpnc, and ..
---------------------------------------------
https://lwn.net/Articles/763283/
∗∗∗ Synology-SA-18:49 Ghostscript ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) when the AirPrint feature is enabled.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_49
∗∗∗ Vuln: Multiple Symantec Products CVE-2018-5238 DLL Loading Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105100
∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728689
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a remote command injection vulnerability (CVE-2018-1722) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10719623
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2018-1699) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10725805
∗∗∗ Side-channel processor vulnerability CVE-2018-3693 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54252492
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list