Tuesday, April 28, 2020

[LSN-0065-1] Linux kernel vulnerability

---------- Forwarded message ---------
From: benjamin.romer@canonical.com
Date: Apr 15, 2020 7:33AM

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine)
emulated the IOAPIC. A privileged guest user could exploit this flaw to
read host memory or cause a denial of service (crash the host).
(CVE-2013-1798)

It was discovered that, in the KVM implementation in the Linux kernel, when
paravirtual TLB flushes are enabled in guests, the hypervisor could in some
situations miss deferred TLB flushes or otherwise mishandle them. An
attacker in a guest VM could use this to expose sensitive information (read
memory from another guest VM). (CVE-2019-3016)

Al Viro discovered that the vfs layer in the Linux kernel contained a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2020-8428)

References:
  CVE-2013-1798, CVE-2019-3016, CVE-2020-8428

Roku: How to watch your local news live


Looking for live, local news coverage of events in your local areas? Here are tips on finding and streaming your local news.

TrendLabs: OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

Figure 3. Lines injected to envelope for older versions
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/opensmtpd-vulnerability-cve-2020-8794-can-lead-to-root-privilege-escalation-and-remote-code-execution/

[USN-4330-1] PHP vulnerabilities

---------- Forwarded message ---------
From: Leonidas S. Barbosa
Date: Apr 15, 2020 11:35PM

It was discovered that PHP incorrectly handled certain file uploads.
An attacker could possibly use this issue to cause a crash.
(CVE-2020-7062)

It was discovered that PHP incorrectly handled certain PHAR archive files.
An attacker could possibly use this issue to access sensitive information.
(CVE-2020-7063)

It was discovered that PHP incorrectly handled certain EXIF files.
An attacker could possibly use this issue to access sensitive information
or cause a crash. (CVE-2020-7064)

It was discovered that PHP incorrectly handled certain UTF strings.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065)

It was discovered that PHP incorrectly handled certain URLs.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.
(CVE-2020-7066)

References:
  https://usn.ubuntu.com/4330-1
  CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065,
  CVE-2020-7066

Cloudflare: Introducing 1.1.1.1 for Families


REF: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

ADMIN: Kali Linux 2020.1 (Live)


REF: https://www.admin-magazine.com/Archive/2020/56/Kali-Linux-2020.1-Live

[Openvpn-announce] OpenVPN 2.4.9 released

---------- Forwarded message ---------
From: Samuli Seppänen
Date: Fri, Apr 17, 2020 at 8:54 PM

The OpenVPN community project team is proud to release OpenVPN 2.4.9. It
can be downloaded from here:

<https://openvpn.net/community-downloads/>

This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810, trac #1272)
which allows disrupting service of a freshly connected client that has
not yet negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

A summary of all included changes is available here:

<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst>

A full list of changes is available here:

<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24>

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Roku: The best of what’s free next month on The Roku Channel

New on The Roku Channel

Monday, April 20, 2020

[USN-4329-1] Git vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Apr 15, 2020 7:32AM

Felix Wilhelm discovered that Git incorrectly handled certain URLs that
included newlines. A remote attacker could possibly use this issue to trick
Git into returning credential information for a wrong host.

References:
  https://usn.ubuntu.com/4329-1
  CVE-2020-5260

Sunday, April 19, 2020

Cloudflare: How We Built CloudflareTV


REF: https://blog.cloudflare.com/remote-work-isnt-just-video-conferencing-how-we-built-cloudflaretv/

[USN-4325-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Apr 8, 2020 7:59AM

It was discovered that the IPMI message handler implementation in the Linux
kernel did not properly deallocate memory in certain situations. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19046)

Al Viro discovered that the vfs layer in the Linux kernel contained a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2020-8428)

References:
  https://usn.ubuntu.com/4325-1
  CVE-2019-19046, CVE-2020-8428

TrendLabs: Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan

Figure 1. Operation Overtrap three-pronged attack flow
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/

Cloudflare: Deploying security.txt on Workers


REF: https://blog.cloudflare.com/security-dot-txt/

[USN-4320-1] Linux kernel vulnerability

---------- Forwarded message ---------
From: Steve Beattie
Date: Apr 7, 2020 5:36AM

Al Viro discovered that the vfs layer in the Linux kernel contained a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly expose sensitive information (kernel
memory).

References:
  https://usn.ubuntu.com/4320-1
  CVE-2020-8428

Roku Express+ is simple, easy HD streaming

Roku Express Plus. Just $15.
Exclusive upgrade for you

[USN-4327-1] libssh vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Apr 9, 2020 9:14PM

Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A
remote attacker could possibly use this issue to cause libssh to crash,
resulting in a denial of service.

References:
  https://usn.ubuntu.com/4327-1
  CVE-2020-1730

Saturday, April 11, 2020

[USN-4317-1] Firefox vulnerabilities

---------- Forwarded message ---------
From: Chris Coulson
Date: Apr 4, 2020 9:41PM

Two use-after-free bugs were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could exploit these
to cause a denial of service or execute arbitrary code.

References:
  https://usn.ubuntu.com/4317-1
  CVE-2020-6819, CVE-2020-6820

Using Cloudflare to secure your cardholder data environment


REF: https://blog.cloudflare.com/using-cloudflare-to-secure-your-cardholder-data-environment/

FSF: Modern GNU/Linux Systems Should Run Old Games: Open Source Community

REF: https://fossbytes.com/modern-gnu-linux-systems-must-run-old-games-open-source-community/

Cloudflare: Why We Started Putting Unpopular Assets in Memory


REF: https://blog.cloudflare.com/why-we-started-putting-unpopular-assets-in-memory/

[USN-4309-1] Vim vulnerabilities

---------- Forwarded message ---------
From: Leonidas S. Barbosa
Date: Mar 24, 2020 12:06AM

It was discovered that Vim incorrectly handled certain sources.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and
Ubuntu 16.04 LTS. (CVE-2017-11109)

It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2017-5953)

It was discovered that Vim incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786)

It was discovered that Vim incorrectly handled certain inputs. An attacker
could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 19.10. (CVE-2019-20079)

It was discovered that Vim incorrectly handled certain files. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2017-6349, CVE-2017-6350)

References:
  https://usn.ubuntu.com/4309-1
  CVE-2017-11109, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350,
  CVE-2018-20786, CVE-2019-20079

Monday, April 6, 2020

Roku: 11 ways to stream workouts at home

Miss the gym? Yoga classes? No problem. Work out at home for 10 minutes – or longer. All you need is a TV and your Roku device.

[USN-4313-1] Linux kernel vulnerability

---------- Forwarded message ---------
From: Steve Beattie
Date: Mar 31, 2020 2:39AM

Manfred Paul discovered that the bpf verifier in the Linux kernel did not
properly calculate register bounds for certain operations. A local attacker
could use this to expose sensitive information (kernel memory) or gain
administrative privileges.

References:
  https://usn.ubuntu.com/4313-1
  CVE-2020-8835

Cloudflare: Adding the Fallback Pool to the Load Balancing UI and other significant UI enhancements


REF: https://blog.cloudflare.com/adding-the-fallback-pool-to-the-load-balancing-ui/

Friday, April 3, 2020

Cloudflare: Cloudflare now supports security keys with Web Authentication (WebAuthn)!


REF: https://blog.cloudflare.com/cloudflare-now-supports-security-keys-with-web-authentication-webauthn/

[Checkmk Announce] New Checkmk stable release 1.6.0p11

---------- Forwarded message ---------
From: Checkmk Announcements
Date: Fri, Apr 3, 2020 at 2:09 AM

Checks & agents:
* 10691 mk_logwatch supports UTF-16 LE BOM encoded files
* 10753 FIX: Allow more printable ASCII characters in email addresses
* 10534 FIX: Check_MK discovery: Was not always able to discover new snmp checks
* 10840 FIX: Fix evaluation of time specific parameters if default parameters are tuple based
* 10984 FIX: Show upper levels in bandwidth graph
* 10942 FIX: agent_graylog: Updated mkp of feature pack to version 1.1
* 10944 FIX: agent_jira: Updated mkp of feature pack to version 1.2
* 10983 FIX: check_dns: Fix "DNS CRITICAL - expected 'A,B,...' but got 'B,A,...'"
* 10839 FIX: if.include: Fix missing performance data of interface groups on clusters
* 10838 FIX: lnx_if: Fix grouping of interfaces on clusters
* 10898 FIX: lnx_if: Fix unity parsing bug
* 10985 FIX: systemd_units: Fix single service discovery
* 10948 FIX: systemd_units: WATO rules modification to allow compatibility

User interface:
* 10754 Remove failed notifications immediately
* 11010 FIX: Fixed misleading host attribute help text
* 11009 FIX: Fixed possible ValueError while searching for werk id in release notes
* 11011 FIX: Fixed title for copied rulesets
* 10879 FIX: View CSV export: Add titles of icons to exported columns

WATO:
* 10533 WATO Rule Search: Performance Improvements
* 10869 FIX: Fix potential "Request-URI Too Long" error when editing huge tag groups
* 10874 FIX: Notification rules: Fix empty "Notification method" dropdown field
* 10875 FIX: Services: Escape service details equal to status views
* 10870 FIX: Tags: Fix exception when renaming an existing tag choice

You can download Checkmk from our download page:
 * https://checkmk.com/download.php

Thursday, April 2, 2020

Cloudflare: Addressing the Web’s Client-Side Security Challenge


REF: https://blog.cloudflare.com/addressing-the-webs-client-side-security-challenge/

Roku: Making TV streaming at home a little easier

Home Together

Cloudflare: When Bloom filters don't bloom

REF: https://blog.cloudflare.com/when-bloom-filters-dont-bloom/

ADMIN: Suricata with built-in machine learning


REF: https://www.admin-magazine.com/Archive/2020/56/OPNids-Suricata-with-built-in-machine-learning

Cloudflare: Gen X Performance Tuning



Figure: TDP comparison between the EPYC 7642, EPYC 7742 and top-end EPYC 7H12
REF: https://blog.cloudflare.com/gen-x-performance-tuning/

Join Automattic and Bitnami Developers as They Deploy WordPress



Automattic and Bitnami engineers have worked hand in hand to show you how to launch WordPress with Jetpack on Google Cloud Platform and optimize it for your website needs. The official WordPress image on Google Cloud Platform with the Jetpack plugin (included by default) helps you improve the performance and security of your site.

Using Cloudflare Gateway to Stay Productive (and turn off distractions) While Working Remotely


REF: https://blog.cloudflare.com/using-cloudflare-gateway-to-stay-productive-and-turn-off-distractions-while-working-remotely/

More free, live channels on Roku

10 more free, live channels added to The Roku Channel

Cloudflare: Securing Memory at EPYC Scale


REF: https://blog.cloudflare.com/securing-memory-at-epyc-scale/

TrendLabs: Security Risks in Online Coding Platforms

Figure 1. Local versus cloud-based IDE
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/security-risks-in-online-coding-platforms/

Cloudflare: RPKI and the RTR protocol


REF: https://blog.cloudflare.com/rpki-and-the-rtr-protocol/