[CERT-daily] Tageszusammenfassung - 17.08.2020

Mon Aug 17 18:05:02 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-08-2020 18:00 − Montag 17-08-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Microsoft fixes actively exploited Windows bug reported 2 years ago ∗∗∗
---------------------------------------------
Microsoft fixed a Windows security vulnerability two years after it was reported. This articles provides greater detail about the bug and how it works.(CVE-2020-1464)
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-windows-bug-reported-2-years-ago/


∗∗∗ Potential Apache Struts 2 RCE flaw fixed, PoCs released ∗∗∗
---------------------------------------------
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. 
---------------------------------------------
https://www.helpnetsecurity.com/2020/08/17/cve-2019-0230/


∗∗∗ RevoLTE: Telefonanrufe ließen sich trotz Verschlüsselung abhören ∗∗∗
---------------------------------------------
Sicherheitsforscher zeigen grundlegendes Defizit auf – Mobilfunker haben angeblich bereits nachgebessert
---------------------------------------------
https://www.derstandard.at/story/2000119401327/revolte-telefonanrufe-liessen-sich-trotz-verschluesselung-abhoeren


∗∗∗ Goodbye EmoCrash - Schwachstelle in Emotet gefixed ∗∗∗
---------------------------------------------
Eine Schwachstelle im Code von Emotet ("EmoCrash" genannt) wurde seit geraumer Zeit in der Security Community als Präventionsmaßnahme gegenEmotet Infektionen verteilt. Die bisher einer breiten Öffentlichkeit nicht bekannte Schwachstelle in der Installationsroutine von Emotet konnte wirksamen Schutz vor einer Infektion bieten, in dem ein Buffer Overflow im Code dieser Routine ausgenutzt wurde um Emotet abstürzen zu lassen.
---------------------------------------------
https://cert.at/de/aktuelles/2020/8/godbye-emocrash-schwachstelle-in-emotet-gefixed


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/828811/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and posgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt).
---------------------------------------------
https://lwn.net/Articles/828945/


∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential information disclosure id 177835 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-information-disclosure-id-177835/


∗∗∗ Security Bulletin: LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily