[CERT-daily] Daily summary - 10.01.2018
Daily end-of-shift report
team at cert.at
Wed Jan 10 18:05:16 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 09-01-2018 18:00 − Wednesday 10-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Let’s Encrypt: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure ∗∗∗
---------------------------------------------
At approximately 5 p.m. Pacific time on January 9, 2018, we received a report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type. We quickly confirmed the issue and mitigated it by entirely disabling TLS-SNI-01 validation in Let’s Encrypt
---------------------------------------------
https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
=====================
= Vulnerabilities =
=====================
∗∗∗ January 2018 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide.
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-update-release/
∗∗∗ Bugtraq: [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. ∗∗∗
---------------------------------------------
On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.
---------------------------------------------
http://www.securityfocus.com/archive/1/541654
∗∗∗ DFN-CERT-2018-0065: Irssi: Multiple vulnerabilities enable various denial-of-service attacks ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Irssi allow a remote, simply authenticated attacker to carry out various denial-of-service (DoS) attacks. The Irssi project provides version 1.0.6 of Irssi in source code form to close the vulnerabilities.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0065/
∗∗∗ Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information ∗∗∗
---------------------------------------------
Several vulnerabilities were reported in Blue Coat ProxySG. A remote user can redirect the target user's browser to an arbitrary site. A remote user can obtain authentication information on the target system. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1040138
∗∗∗ VMSA-2018-0004 ∗∗∗
---------------------------------------------
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0004.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora (asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE (diffoscope, irssi, and qemu), SUSE (java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu (irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws,
---------------------------------------------
https://lwn.net/Articles/743903/rss
∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1361) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22012409
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012420
∗∗∗ IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012366
∗∗∗ IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012372
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012374
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1478) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012323
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily