Daily Summary - 23.08.2018

End-of-Day report

Timeframe: Wednesday 22-08-2018 18:00 - Thursday 23-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

News

Intel explains hardware protection against Spectre and Meltdown vulnerabilities

Upcoming "Cascade Lake" Xeons are immune to Meltdown attacks and also to many Spectre attacks, but software patches remain necessary.

http://heise.de/-4144368


Tool - OpenSSH: New version fixes 19-year-old vulnerability

It was already present in the very first version of the software - attackers could guess usernames

https://derstandard.at/2000085926326/OpenSSH-Neue-Version-beseitigt-19-Jahre-alte-Luecke

Vulnerabilities

Security updates for Thursday

Security updates have been issued by Debian (kernel and tomcat-native), Fedora (axis, CuraEngine-lulzbot, nodejs, python-uranium-lulzbot, and sleuthkit), Gentoo (chromium, lxc, networkmanager-vpnc, and ..

https://lwn.net/Articles/763283/


Synology-SA-18:49 Ghostscript

A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) when the AirPrint feature is enabled.

https://www.synology.com/en-global/support/security/Synology_SA_18_49


Vuln: Multiple Symantec Products CVE-2018-5238 DLL Loading Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/105100


IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755)

https://www-01.ibm.com/support/docview.wss?uid=ibm10728689


IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a remote command injection vulnerability (CVE-2018-1722)

https://www-01.ibm.com/support/docview.wss?uid=ibm10719623


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2018-1699)

https://www-01.ibm.com/support/docview.wss?uid=ibm10725805


Side-channel processor vulnerability CVE-2018-3693

https://support.f5.com/csp/article/K54252492