[CERT-daily] Tageszusammenfassung - 22.05.2018

Daily end-of-shift report team at cert.at
Tue May 22 18:12:39 CEST 2018 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 18-05-2018 18:00 − Dienstag 22-05-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sicherheitsupdates: Attacken auf DrayTek-Router ∗∗∗
---------------------------------------------
Unbekannte Angreifer haben es derzeit auf verschiedene Router von DrayTek abgesehen. Ist ein Übergriff erfolgreich, verbiegen sie die DNS-Einstellungen.
---------------------------------------------
https://heise.de/-4053059



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks ∗∗∗
---------------------------------------------
CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Also known as "Variant 4" or "SpectreNG". 
---------------------------------------------
http://www.kb.cert.org/vuls/id/180049


∗∗∗ Firewall information leak to regular SSL VPN web portal users ∗∗∗
---------------------------------------------
A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically crafted URLs.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-17-231


∗∗∗ Xen Security Advisory CVE-2018-3639 / XSA-263 ∗∗∗
---------------------------------------------
However, in most configurations, within-guest information leak is
possible.  Mitigation for this generally depends on guest changes (for
which you must consult your OS vendor) *and* on hypervisor support,
provided in this advisory.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-263.html


∗∗∗ HPSBHF02981 rev.3 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) ∗∗∗
---------------------------------------------
A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/755076/


∗∗∗ Security vulnerabilities fixed in Thunderbird 52.8 ∗∗∗
---------------------------------------------
* CVE-2018-5183: Backport critical security fixes in Skia
* CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
* CVE-2018-5154: Use-after-free with SVG animations and clip paths
* CVE-2018-5155: Use-after-free with SVG animations and text paths
...
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/


∗∗∗ Security Notice -Statement on the Side-Channel Vulnerability Variants 3a and 4 ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180522-01-cpu-en


∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-en


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027633


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21974627


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012415


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016122


∗∗∗ IBM Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014477


∗∗∗ IBM Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016234


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects the IBM Performance Management product (CVE-2017-1681) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015310


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012317


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016185


∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012291


∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012292


∗∗∗ Java Bouncy Castle vulnerability CVE-2015-7940 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10105323

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list