End-of-Day report
Timeframe: Wednesday 23-05-2018 18:00 - Thursday 24-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Vulnerabilities
Schneider Electric Patches XXE Vulnerability In Software
Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software that could result in the disclosure and retrieval of arbitrary data.
https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs/132220/
Bugtraq: [security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
References: CVE-2018-6495 - Cross-Site Scripting (XSS)
http://www.securityfocus.com/archive/1/542037
Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable.
http://www.securityfocus.com/bid/104252
Security updates for Thursday
Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol).
https://lwn.net/Articles/755540/
IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433&myns=ibmi&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSSC52E&mynp=OCSWG60&mync=E&cm_sp=ibmi-_-OCSSTS2D-OCSSC5L9-OCSSC52E-OCSWG60-_-E
IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700
IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833)
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099807
IBM Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099806
IBM Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565)
http://www.ibm.com/support/docview.wss?uid=swg22016143
IBM Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® Db2® (CVE-2018-1515).
http://www.ibm.com/support/docview.wss?uid=swg22016140
IBM Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1488).
http://www.ibm.com/support/docview.wss?uid=swg22016141
IBM Security Bulletin: IBM® Db2® is vulnerable to buffer overflow (CVE-2018-1459).
http://www.ibm.com/support/docview.wss?uid=swg22016142
IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)
http://www.ibm.com/support/docview.wss?uid=swg22016181
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.
http://www.ibm.com/support/docview.wss?uid=swg22015656
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ
http://www-01.ibm.com/support/docview.wss?uid=swg22016278
IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833)
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099809
IBM Security Bulletin: IBM Chassis Management Module (CMM) is affected by OpenSLP vulnerability (CVE-2017-17833)
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099808
IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2018 CPU
http://www-01.ibm.com/support/docview.wss?uid=swg22016282