End-of-Day report
Timeframe: Tuesday 17-12-2019 18:00 - Wednesday 18-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Forthcoming OpenSSL release
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2u. This release will be made available on Friday 20th December 2019 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 previously announced here: https://www.openssl.org/news/secadv/20191206.txt
https://mta.openssl.org/pipermail/openssl-announce/2019-December/000164.html
Do not pay fraudulent payment demands from top-urlaub.info!
Numerous Internet users are currently reporting fraudulent invoices and payment demands from Next Trip Ltd. to us. They come across an advertisement on social networks that promises cheap holiday offers. Registering leads to high payment demands for an annual membership that was allegedly taken out. In such cases, the invoice for 239.90 euros does not have to be paid!
https://www.watchlist-internet.at/news/betruegerische-zahlungsaufforderungen-von-top-urlaubinfo-nicht-bezahlen/
Vulnerabilities
Google Releases Security Updates for Chrome for Windows, Mac, and Linux
Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/12/18/google-releases-security-updates-chrome-windows-mac-and-linux
Microsoft Releases Out-of-Band Security Updates
Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information.
https://www.us-cert.gov/ncas/current-activity/2019/12/18/microsoft-releases-out-band-security-updates
SpamAssassin 3.4.3 available
Apache SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare to move to version 4.0.0 with better, native UTF-8 handling. There are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.3. In this release, there are bug fixes for two CVEs.
https://lwn.net/Articles/807539/
Security updates for Wednesday
Security updates have been issued by Debian (debian-edu-config, harfbuzz, libvorbis, and python-ecdsa), Fedora (chromium, fribidi, libssh, and openslp), openSUSE (chromium), Oracle (grub2), Red Hat (rh-maven35-apache-commons-beanutils), SUSE (kernel, libssh, mariadb, samba, and xen), and Ubuntu (openjdk-8, openjdk-lts).
https://lwn.net/Articles/807609/
Dell XPS 13 2-in-1 (7390): Vulnerability allows execution of arbitrary program code with administrator privileges
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/12/warnmeldung_tw-t19-0188.html
GE S2020/S2020G Fast Switch 61850
https://www.us-cert.gov/ics/advisories/icsa-19-351-01
Security Advisory - Improper Access Control Vulnerability in Huawei Share
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-01-share-en
Security Advisory - Insufficient Input Validation Vulnerability in Huawei Share
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-02-share-en
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-02-smartphone-en
Security Advisory - Information Disclosure Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191218-03-information-en
Security Bulletin: vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect/
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js Prototype Pollution vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-by-prototype-pollution-vulnerabiliy/
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-the-ibm-flashsystem-models-v840-and-v9000/
Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-vulnerabilities/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-2/
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/
Security Bulletin: IBM Planning Analytics has addressed a Security Vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability/
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-the-ibm-flashsystem-models-840-and-900/
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center/