[CERT-daily] Tageszusammenfassung - 23.08.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 22-08-2018 18:00 − Donnerstag 23-08-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ Intel erklärt Hardware-Schutz gegen Spectre- & Meltdown-Lücken ∗∗∗
---------------------------------------------
Kommende "Cascade Lake"-Xeons sind gegen Meltdown-Attacken unempfindlich und auch gegen viele Spectre-Attacken – aber Software-Patches bleiben nötig.
---------------------------------------------
http://heise.de/-4144368


∗∗∗ Tool - OpenSSH: Neue Version beseitigt 19 Jahre alte Lücke ∗∗∗
---------------------------------------------
War bereits in der allerersten Version der Software enthalten – Angreifer konnten Nutzernamen raten
---------------------------------------------
https://derstandard.at/2000085926326/OpenSSH-Neue-Version-beseitigt-19-Jahre-alte-Luecke


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and tomcat-native), Fedora (axis, CuraEngine-lulzbot, nodejs, python-uranium-lulzbot, and sleuthkit), Gentoo (chromium, lxc, networkmanager-vpnc, and ..
---------------------------------------------
https://lwn.net/Articles/763283/


∗∗∗ Synology-SA-18:49 Ghostscript ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) when the AirPrint feature is enabled.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_49


∗∗∗ Vuln: Multiple Symantec Products CVE-2018-5238 DLL Loading Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105100


∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728689


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a remote command injection vulnerability (CVE-2018-1722) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10719623


∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2018-1699) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10725805


∗∗∗ Side-channel processor vulnerability CVE-2018-3693 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54252492

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily