Saturday, January 19, 2019

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Acrobat and Reader (APSB19-02)

Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical  vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02)

A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS”...

Android

Android Security Bulletin—March 2018

Android Security Bulletin—March 2018 Published March 5, 2018 We have released an over-the-air (OTA) security update to Google devices as part of our Android Security Bulletin Monthly Release process. The Google firmware images have also been released to the Google Developer site. Builds with

Android Security Bulletin—February 2018

Android Security Bulletin—February 2018 Published February 5, 2018 We have released an over-the-air (OTA) security update to Google devices as part of our Android Security Bulletin Monthly Release process. The Google firmware images have also been released to the Google Developer site. Builds

Apple

Apple Security Advisory 2018-12-06-1

Apple Security Advisory 2018-12-06-1 - watchOS 5.1.2 is now available and addresses code execution and denial of service vulnerabilities.

Apple Security Advisory 2018-12-05-7

Apple Security Advisory 2018-12-05-7 - Shortcuts 2.1.2 is now available and addresses an undisclosed issue.

Apple Security Advisory 2018-12-05-5

Apple Security Advisory 2018-12-05-5 - iTunes 12.9.2 for Windows is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2018-12-05-6

Apple Security Advisory 2018-12-05-6 - iCloud for Windows 7.9 is now available and addresses code execution vulnerabilities.

AWS

Kubernetes Security Issues (CVE-2018-18264 and kubectl proxy)

January 4, 2019 9:00 AM PST AWS is aware of the two recent security issues disclosed within Kubernetes regarding the Kubernetes API server ("kubectl proxy"), and the Kubernetes Dashboard (CVE-2018-18264). Amazon Elastic Container Service for Kubernetes (EKS) is not affected by the "kubectl proxy" issue, and no customer action...

Kubernetes Security Issue (CVE-2018-1002105)

2018/12/04 1:00 PM PST AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after 2:00 PM PST on December 4, 2018 will be launched...

L1 Terminal Fault Speculative Execution Issue

August 14, 2018 11:00 AM PDT Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types of attacks, and has also deployed additional protections for L1TF....

CERT

VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow

CWE-122:Heap-based Buffer Overflow - CVE-2018-8626 Microsoft Windows Domain Name System(DNS)servers are vulnerable to heap overflow attacks. Microsoft acknowledges that"an attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account."This remote code execution vulnerability exists in Windows DNS servers when they fail...

VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

CWE-362:Concurrent Execution using Shared Resource with Improper Synchronization('Race Condition')- CVE-2018-8611 According to Microsoft,the Windows kernel fails"to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode,and then"install programs; view,change,or delete data; or create new accounts with full user rights."

VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to generate a script to advertise a product to Windows,which handles shortcut and registry information associated with an installed application. The MsiAdvertiseProduct contains a race condition while performing checks,which can allow an attacker to read an arbitrary file which...

Cisco

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit...

Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing...

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based...

Citrix

Citrix XenServer Security Update

CTX239432 NewApplicable Products :  XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts.These issues affect the following supported versions of Citrix XenServer:Citrix XenServer 7.6 Citrix XenServer 7.5 Citrix Xen

Citrix XenServer Security Update

CTX239100 NewApplicable Products :  XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host.This issue affects the following versions of Citrix XenServer: Citrix XenServer 7.6 Citrix XenServer 7.5 Ci

Cross-Site Scripting Vulnerability in Citrix NetScaler

CTX239002 NewApplicable Products :  NetScaler 10.1, NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition.  This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web...

Drupal

Drupal core – Critical – Third Party Libraries – SA-CORE-2019-001

Project: Drupal coreDate: 2019-January-16Security risk: Critical 16∕25 AC:Complex/A:User/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Third Party Libraries Description: Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.Solution: If you are using Drupal 8.6.x, upgrade to Drupal 8.6.6. If you are using Drupal 8.5.x or earlier, upgrade...

Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2019-002

Project: Drupal coreDate: 2019-January-16Security risk: Critical 16∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:AllVulnerability: Arbitrary PHP code executionDescription: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...

Drupal Core – Multiple Vulnerabilities – SA-CORE-2018-006

Advisory ID: DRUPAL-SA-CONTRIB-2018-006 Project: Drupal core Version: 7.x, 8.x Date: 2018-October-17 Description Content moderation - Moderately critical - Access bypass - Drupal 8 In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. In order to fix this issue, the following changes have been made...

F5 Networks

Linux kernel vulnerability CVE-2018-18021

Linux kernel vulnerability CVE-2018-18021. Security Advisory. Security Advisory Description. arch/arm64/kvm/guest.c in ...

Linux kernel vulnerability CVE-2018-14678

Linux kernel vulnerability CVE-2018-14678. Security Advisory. Security Advisory Description. An issue was discovered in ...

January 2019 OpenSSH security vulnerabilities

January 2019 OpenSSH security vulnerabilities. Security Advisory. Security Advisory Description. In January 2019, a security ...

OpenSSH vulnerability CVE-2019-6111

OpenSSH vulnerability CVE-2019-6111. Security Advisory. Security Advisory Description. ** RESERVED ** This candidate ...

Have I Been Pwned?

Collection #1 (unverified) – 772,904,991 breached accounts

In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses...

FaceUP – 87,633 breached accounts

In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability at...

Dangdang – 4,848,734 breached accounts

In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.

ICS-CERT

Omron CX-Supervisor

This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omron's CX-Supervisor software.

ABB CP400 Panel Builder TextEditor 2.0

This advisory provides mitigation recommendations for an improper input validation vulnerability in ABB's CP400 Panel Builder TextEditor 2.0.

ControlByWeb X-320M

This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station.

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

This advisory includes mitigations for improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and authentication bypass using an alternate path or channel vulnerabilities in the LCDS LAuuis SCADA product.

Juniper Networks

Magento

Microsoft

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities in Azure DevOps online services...

January 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.  More information about this month’s security updates can be found on the Security Update Guide.

December 2018 Security Update Release

Today, we released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks. Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates. Microsoft would like to...

Oracle

Splunk

Splunk-Python-SDK address one vulnerability

Description Splunk-Python-SDK address one vulnerability Untrusted TLS server certs verification is not present (CVE-2019-5729) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Splunk Enterprise and Splunk Light address multiple vulnerabilities

Description Splunk Enterprise and Splunk Light address multiple vulnerabilities Cross Site Scripting in Splunk Web (CVE-2018-7427) Denial of Service (CVE-2018-7432) Path Traversal Vulnerability in Splunk Django App (CVE-2018-7431) Splunkd Denial of Service via Malformed HTTP Request (CVE-2018-7429) At the time of this announcement, Splunk is not aware...

Symantec

SYMSA1467-Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities.  A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service, and possible execute arbitrary code.

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can perform cache timing attacks against an application generating an RSA...

SYMSA1443- SA166: OpenSSL Vulnerabilities 27-Mar-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities.  A remote attacker can forge cryptographic messages and cause denial of service through application crashes.

Tenable

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of...

[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of...

[R1] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address...

US-CERT

Drupal Releases Security Updates

Original release date: January 16, 2019Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages...

Oracle Releases January 2019 Security Bulletin

Original release date: January 15, 2019Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity...

SB19-014: Vulnerability Summary for the Week of January 7, 2019

Original release date: January 14, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National...

VMware

New VMware Security Advisory VMSA-2018-0031

Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. **The admin...

CVE-2018-1002105

Greetings from the VMware Security Response Center! Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here: https://discuss.kubernetes.io/t/kubernetes-security-announcement-v1-10-11-v1-11-5-v1-12-3-released-to-address-cve-2018-1002105/3700 This vulnerability affects the following VMware products: -VMware Pivotal Container Service (PKS) -VMware vCloud Director Container Service Extension (CSE) -Photon OS There will be no VMware Security Advisory since remediation for these products has already been documented in a separate advisory or the...

WordPress

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which...

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to...