Saturday, October 19, 2019
F5 Networks

Linux kernel vulnerability CVE-2019-16089

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does ...
F5 Networks

InfoZIP vulnerability CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service ( ...
F5 Networks

Vim/Neovim vulnerability CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS ...
F5 Networks

Ghostscript vulnerability CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by ...
F5 Networks

Linux kernel vulnerability CVE-2016-10906

An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use- ...
F5 Networks

Linux kernel vulnerability CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_ ...
F5 Networks

Linux kernel vulnerability CVE-2019-13233

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an ...
F5 Networks

9p filesystem vulnerability CVE-2019-16413

The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop ...
F5 Networks

OpenLDAP vulnerability CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, ...
F5 Networks

Linux kernel vulnerability CVE-2019-16714

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain ...
F5 Networks

Linux kernel vulnerability CVE-2019-15538

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS ...
F5 Networks

BIG-IP APM Edge Client logging vulnerability CVE-2019-6656

BIG-IP APM Edge Client logs the full BIG-IP APM session ID in the log files. (CVE-2019-6656)
F5 Networks

Linux kernel vulnerability CVE-2010-5331

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an ...
F5 Networks

ImageMagick vulnerability CVE-2019-13136

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in ...
F5 Networks

Apache Tomcat vulnerability CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes ...
F5 Networks

Linux kernel vulnerability CVE-2017-18551

An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an ...
F5 Networks

Linux kernel vulnerability CVE-2018-20976

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, ...
F5 Networks

Linux parse_audio_mixer_unit kernel vulnerability CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 ...
F5 Networks

OpenSSL vulnerability CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code ...
F5 Networks

OpenSSL vulnerability CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption ...
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster... Exclusive: The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attackers steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules, possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.