Tuesday, May 26, 2020

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe Character Animator (APSB20-25), Adobe Premiere Pro (APSB20-27), Adobe Audition (APSB20-28) and Adobe Premiere Rush (APSB20-29). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and...

Security Bulletins Posted

Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-24) and Adobe DNG Software Development Kit (SDK) (APSB20-26). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24)

A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS”...

Apple

Apple Security Advisory 2020-05-20-1

Apple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information...

Apple Security Advisory 2020-03-25-2

Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-25-1

Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-7

Apple Security Advisory 2020-03-24-7 - Xcode 11.4 is now available and contains security improvements.

AWS

Minimum Version of TLS 1.2 Required for FIPS Endpoints by March 31, 2021

Initial Publication Date: 2020/03/31 11:15AM PDT. AWS is updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) version of 1.2 across all AWS Regions by March 31, 2021. This update will revoke the ability to use TLS 1.0 and TLS 1.1...

Kubernetes Security Issue (CVE-2019-11249)

Last Updated: August 15, 2019 9:00AM PDT. CVE Identifier: CVE-2019-11249. AWS is aware of a security issue (CVE-2019-11249) which resolves incomplete fixes for CVE-2019-1002101 and CVE-2019-11246. Like the aforementioned CVEs, the issue is in the Kubernetes kubectl tool that could allow a malicious container to replace or create files...

Kubernetes Security Issue (CVE-2019-11246)

July 02, 2019 2:00 PM PDT. CVE Identifier: CVE-2019-11246. AWS is aware of a security vulnerability (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a user were to run an untrusted container containing a malicious...

CERT

VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Low Energy (BLE) Core Configuration. Like Bluetooth Classic (BR/EDR), BLE is used for low-power short-range communications, but has significantly lower power consumption, making it ideal for Internet of Things (IoT) and other resource restricted devices. For two...

VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key....

VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files

The Samsung May 2020 Android Security Update notes that "a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution." Samsung identifies this vulnerability as SVE-2020-16747, more commonly known as CVE-2020-8899. Google Project Zero performed extensive fuzz testing on the Qmage (or Quram, or qmg) code Samsung added to the Android...

Cisco

Cisco MDS 9000 Series Switches Denial of Service Vulnerability

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this...

Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability...

Cisco Prime Network Registrar DHCP Denial of Service Vulnerability

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a...

Citrix

Citrix ShareFile storage zones Controller multiple security updates

CTX269106 (New). Applicable Products: ShareFile. Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the a

Citrix Hypervisor Security Update

CTX272237 (New). Applicable Products: Citrix_Hypervisor, XenServer, XenServer_7_1_Cumulative_Update_2. An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords an

Citrix Hypervisor Multiple Security Updates

CTX270837 (New). Applicable Products: Citrix_Hypervisor_8_0, Citrix_Hypervisor_8_1, XenServer_7_0, XenServer_7_1_Cumulative_Update_2. Several issues have been identified within Citrix Hypervisor, which could, if exploited, allow: privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data left by a previous VM); privileged code in a gues

Drupal

Drupal core – Moderately critical – Open Redirect – SA-CORE-2020-003

Project: Drupal core. Date: 2020-May-20. Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All. Vulnerability: Open Redirect. Description: Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto()...

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2020-002

Project: Drupal core. Date: 2020-May-20. Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon. Vulnerability: Cross Site Scripting. Description: The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the...

Drupal core – Moderately critical – Third-party library – SA-CORE-2020-001

Project: Drupal core. Version: 8.8.x-dev, 8.7.x-dev. Date: 2020-March-18. Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Proof/TD:Default. Vulnerability: Third-party library. Description: The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site’s users. When multiple people can edit content,...

F5 Networks

OpenSSH vulnerability CVE-2019-6111

Security Advisory Description: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server ...

OpenSSH vulnerability CVE-2019-6110

Security Advisory Description: In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or ...

OpenSSH vulnerability CVE-2018-20685

Security Advisory Description: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via ...

Linux kernel vulnerability CVE-2019-19062

Security Advisory Description: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3 ...

Have I Been Pwned?

PetFlow – 990,919 breached accounts

In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who...

Artsy – 1,079,970 breached accounts

In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a...

Lifebear – 3,670,561 breached accounts

In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who...

ICS-CERT

Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS

This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Johnson Controls' Software House C•CURE 9000 and American Dynamics victor Video Management systems.

Schneider Electric EcoStruxure Operator Terminal Expert

This advisory contains mitigations for SQL Injection, Path Traversal, and Argument Injection vulnerabilities in Schneider Electric EcoStruxure Operator Terminal Expert touchscreen configuration software.

Rockwell Automation EDS Subsystem

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, and SQL Injection vulnerabilities in Rockwell Automation EDS Subsystem controllers.

Emerson OpenEnterprise

This advisory contains mitigations for Missing Authentication for Critical Function, Improper Ownership Management, and Inadequate Encryption Strength vulnerabilities in Emerson OpenEnterprise SCADA software.

Juniper Networks

Magento

Microsoft

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background; Potential Solutions to Uninitialized Memory Vulnerabilities...

Azure Sphere Security Research Challenge Now Open

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge...

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the...

Oracle

Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description: Splunk Enterprise and Splunk Light address one vulnerability: Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication...

Splunk-Python-SDK address one vulnerability

Description: Splunk-Python-SDK address one vulnerability: Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Symantec

SYMSA1485-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products.

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can perform cache timing attacks against an application generating an RSA...

SYMSA1484-DLP Cross Site Scripting

Symantec has released updates to address an issue that was discovered in the DLP product.

Tenable

[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to...

[R1] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of...

[R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (SimpleSAMLPHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone patch to address the potential...

US-CERT

Vulnerability Summary for the Week of May 18, 2020

Original release date: May 25, 2020. The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High...

Microsoft Releases Security Update for Edge

Original release date: May 22, 2020. Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security...

Cisco Releases Security Updates

Original release date: May 22, 2020. Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

VMware

Working with VMware AppDefense without SaaS subscription

Architecture of AppDefense in Non-SaaS Setting: The VMware vSphere Platinum edition delivers advanced security capabilities fully integrated into the hypervisor. It combines the industry leading capabilities of vSphere with VMware AppDefense, delivering purpose-built VMs to secure applications. vSphere Platinum secures infrastructure and applications by leveraging the hypervisor and the power of machine learning in a way that is built-in, operationally simple, and with minimal overhead or impact on performance. vSphere...

AMD Display Driver Security Updates address CVE-2019-5685

Greetings from the VMware Security Response Center! We wanted to make you aware that AMD has released a security bulletin entitled ‘Shader Functionality Remote Code Execution‘ which documents remediation for CVE-2019-5049. This vulnerability has been shown to affect VMware Workstation and, as the article mentions, updated graphics drivers are available on the AMD support page. Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance. The post...

WordPress

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top...