[CERT-daily] Tageszusammenfassung - 30.07.2019

Daily end-of-shift report team at cert.at
Tue Jul 30 18:02:43 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-07-2019 18:00 − Dienstag 30-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ E-Bikes nicht bei limebikes.de bestellen ∗∗∗
---------------------------------------------
Haben Sie vor, sich ein E-Bike zu kaufen? Dann sollten Sie es keinesfalls bei limebikes.de bestellen. Die ansprechende Website und die unschlagbaren Preise sind Fake, es handelt sich um einen betrügerischen Shop. Ihr Bike wird trotz Bezahlung nie geliefert!
---------------------------------------------
https://www.watchlist-internet.at/news/e-bikes-nicht-bei-limebikesde-bestellen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records ∗∗∗
---------------------------------------------
Updated packages (that only contain a Postgres schema change) will be released later. Just upgrading at that time will not fix the vulnerability - applying the schema change is mandatory.
---------------------------------------------
https://mailman.powerdns.com/pipermail/pdns-announce/2019-July/001123.html


∗∗∗ OpenSSL Security Advisory: Windows builds with insecure path defaults (CVE-2019-1552) ∗∗∗
---------------------------------------------
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. ... However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of C:/usr/local, which may be world writable, which enables untrusted users to modify OpenSSLs default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. Severity: Low
---------------------------------------------
https://www.openssl.org/news/secadv/20190730.txt


∗∗∗ Google Project Zero: Sechs interaktionslose iMessage-Lücken, eine ohne Patch ∗∗∗
---------------------------------------------
Das Sicherheitsprojekt der Suchmaschine hat ein halbes Dutzend Fehler im Apple-Betriebssystem iOS offengelegt, davon diverse kritische.
---------------------------------------------
https://heise.de/-4483807


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cutter-re and radare2), Oracle (389-ds-base, httpd, kernel, libssh2, and qemu-kvm), Red Hat (389-ds-base, chromium-browser, curl, docker, httpd, keepalived, kernel, kernel-alt, kernel-rt, libssh2, perl, podman, procps-ng, qemu-kvm, qemu-kvm-ma, ruby, samba, and vim), Scientific Linux (389-ds-base, curl, libssh2, and qemu-kvm), SUSE (bzip2 and openexr), and Ubuntu (python-urllib3 and tmpreaper).
---------------------------------------------
https://lwn.net/Articles/794920/


∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on High Voltage Products ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=2GHV057194&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products ∗∗∗
---------------------------------------------
https://new.abb.com/news/detail/28733/cyber-security-notification


∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Robot Controller Software ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=SI20192&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6671&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-01-pcmanager-en


∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affected-by-a-missing-function-level-access-control-vulnerability-cve-2019-4163/


∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affected-by-a-denial-of-service-attack-vulnerability-cve-2019-4165/


∗∗∗ IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invocation-in-ibm-business-space-affects-ibm-business-monitor-cve-2018-1885/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list