Figure 1. Screen capture that shows that user namespaces are not used by default
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/why-running-a-privileged-container-in-docker-is-a-bad-idea/
2019年12月29日 星期日
Plex: Nifty new navigation
 |
Nifty new navigation
|
| Our universal navigation interface has been rolled out across all our devices, bringing a consistent navigation approach to all of our officially-supported apps. |
TrendLabs: Waterbear is Back, Uses API Hooking to Evade Security Product Detection
Figure 1. A typical Waterbear infection chain
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection/
Cloudflare: Announcing deeper insights and new monitoring capabilities from Cloudflare Analytics
This week we’re excited to announce a number of new products and features that provide deeper security and reliability insights, “proactive” analytics when there’s a problem, and more powerful ways to explore your data.
REF: https://blog.cloudflare.com/announcing-deeper-insights-and-new-monitoring-capabilities/?utm_medium=email&utm_source=product-announcement&utm_campaign=analytics-week-2019
Plex: It’s the most moviest time of the year.
 |
| Pear trees, partridges, and calling birds don’t compare to unlimited FREE holiday movies on Plex. Get cozy and warm up with the “Holiday Yule Log”, then get in the spirit with A Belle for Christmas, Christmas All Over Again, Jingle Bells, A Christmas Carol, The Dog who Saved the Holidays and more. |
TrendLabs: (Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
Figure 2. Arithmetic operations performed on the alphanumeric characters
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/
Plex: Magical music
 |
| You now have the ability to add TIDAL content to your library so it shows up alongside your own personal music |
CodeWeavers: Announcing CrossOver 19.0.0
The capstone of CrossOver 19 is our new ability to run 32 bit Windows applications within a 64 bit process. This enables us to support 32 bit Windows applications on the new macOS release, Catalina, which removed all support for 32 bit applications in October.
...
In addition to that change, CrossOver’s core technology Wine has been updated to bring much of the developments of the past year to all of our users on both Mac and Linux. These changes include over 5,000 individual improvements, all of which will act together to improve the end user experience with CrossOver.
REF: https://www.codeweavers.com/support/forums/announce/?t=24;mhl=222780;msg=222780#msg222780
...
In addition to that change, CrossOver’s core technology Wine has been updated to bring much of the developments of the past year to all of our users on both Mac and Linux. These changes include over 5,000 individual improvements, all of which will act together to improve the end user experience with CrossOver.
REF: https://www.codeweavers.com/support/forums/announce/?t=24;mhl=222780;msg=222780#msg222780
TrendLabs: Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
Figure 9. Cassandra Crypter’s subscription plans
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/obfuscation-tools-found-in-the-capesand-exploit-kit-possibly-used-in-kurdishcoder-campaign/
ADMIN: Ubuntu Server 19.10 (Live)
- Support for nine months until July 2020
- Linux 5.3 kernel
- Updates to Qemu (v4.0), libvirt (v5.4), MySQL (v8.0), PostgreSQL (v11), and more
- A fresh set of fixes and refreshes to the installer
- A new Ubuntu Advantage service experience
Plex: Silky smooth content playback
 |
Silky smooth content playback
|
| For the last several months, we’ve been hard at work to enhance our playback engines, making sure your content looks as good and streams as smoothly as possible. |
MagicSoft Playout ver 7.4.10
MagicSoft Playout ver 7.4.10 was released and it adds :
REF: https://www.magicsoft.tv/news.html
- improved algorithm for assigning and calculating the duration of Live input entries
- support for importing playlists made on other databases (with different GUID identifier)
REF: https://www.magicsoft.tv/news.html
FSF: Replicant needs your help to liberate Android in 2020
The Free Software Foundation (FSF) supports the work of several important free software projects through fiscal sponsorship in a program we call Working Together for Free Software.
Donations to any of the Working Together for Free Software projects directly benefit the work that can be done. Too often, these projects are underfunded and developers are putting in a lot of personal time and effort to keep the project moving forward. Because of the FSF fiscal sponsorship, they can receive donations and apply for funding.
REF: https://www.fsf.org/blogs/community/replicant-needs-your-help-to-liberate-android-in-2020
Plex: Give the gift of Plex Pass
 |
Give the gift of Plex Pass
|
| Looking for a last minute holiday gift? Look no further than Plex! Give the gift that keeps on giving to someone you love. |
Proxmox VE 6.1 released
- Based on Debian Buster (10.2)
- Ceph Nautilus (14.2.4.1)
- Corosync 3.0
- Kernel 5.3
- LXC 3.2
- Qemu 4.1.1
- ZFS 0.8.2
REF: https://pve.proxmox.com/wiki/Roadmap#Proxmox_VE_6.1
TrendLabs: Mac Backdoor Linked to Lazarus Targets Korean Users
Figure 1. The spreadsheet displays a fairly known psychological test (similar to one found here); clicking on the smiley image on the top left shows a different response depending on the user’s answer.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users/
MagicSoft Recorder ver 2.3.0
MagicSoft Recorder ver 2.3.0 was released and it adds improved segmentation algorithm for better handling continuous recording ( 24/7/365 ).
REF: https://www.magicsoft.tv/news.html
REF: https://www.magicsoft.tv/news.html
How Cloudflare Stood up to a Patent Troll – and Won!
REF: https://blog.cloudflare.com/the-project-jengo-saga-how-cloudflare-stood-up-to-a-patent-troll-and-won/
[USN-4194-1] postgresql-common vulnerability
---------- Forwarded message ---------
Rich Mirch discovered that the postgresql-common pg_ctlcluster script
incorrectly handled directory creation. A local attacker could possibly use
this issue to escalate privileges.
References:
https://usn.ubuntu.com/4194-1
CVE-2019-3466
From: Marc Deslauriers
Date: Nov 15, 2019 3:42AM
Date: Nov 15, 2019 3:42AM
Rich Mirch discovered that the postgresql-common pg_ctlcluster script
incorrectly handled directory creation. A local attacker could possibly use
this issue to escalate privileges.
References:
https://usn.ubuntu.com/4194-1
CVE-2019-3466
TrendLabs: Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
Figure 1. Operation ENDTRADE’s timeline
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
TrendLabs: Microsoft November 2019 Patch Tuesday Reveals 74 Patches Before Major Windows Update
Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. The remaining majority were rated as Important and included patches for Windows graphics components and Microsoft SharePoint, among others. This Patch Tuesday also coincides with the start of the rollout of the Windows 10 November 2019 Update, which is now available to users as an opt-in version via Windows Update.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-november-2019-patch-tuesday-reveals-74-patches-before-major-windows-update/
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-november-2019-patch-tuesday-reveals-74-patches-before-major-windows-update/
[USN-4191-2] QEMU vulnerabilities
---------- Forwarded message ---------
It was discovered that the LSI SCSI adapter emulator implementation in QEMU
did not properly validate executed scripts. A local attacker could use this
to cause a denial of service. (CVE-2019-12068)
Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the
qxl paravirtual graphics driver implementation in QEMU contained a null
pointer dereference. A local attacker in a guest could use this to cause a
denial of service. (CVE-2019-12155)
Riccardo Schirone discovered that the QEMU bridge helper did not properly
validate network interface names. A local attacker could possibly use this
to bypass ACL restrictions. (CVE-2019-13164)
It was discovered that a heap-based buffer overflow existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service or possibly execute arbitrary code in the
host. (CVE-2019-14378)
It was discovered that a use-after-free vulnerability existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service. (CVE-2019-15890)
References:
https://usn.ubuntu.com/4191-2
https://usn.ubuntu.com/4191-1
CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378,
CVE-2019-15890
From: Steve Beattie
Date: Nov 14, 2019 9:04AM
Date: Nov 14, 2019 9:04AM
It was discovered that the LSI SCSI adapter emulator implementation in QEMU
did not properly validate executed scripts. A local attacker could use this
to cause a denial of service. (CVE-2019-12068)
Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the
qxl paravirtual graphics driver implementation in QEMU contained a null
pointer dereference. A local attacker in a guest could use this to cause a
denial of service. (CVE-2019-12155)
Riccardo Schirone discovered that the QEMU bridge helper did not properly
validate network interface names. A local attacker could possibly use this
to bypass ACL restrictions. (CVE-2019-13164)
It was discovered that a heap-based buffer overflow existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service or possibly execute arbitrary code in the
host. (CVE-2019-14378)
It was discovered that a use-after-free vulnerability existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service. (CVE-2019-15890)
References:
https://usn.ubuntu.com/4191-2
https://usn.ubuntu.com/4191-1
CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378,
CVE-2019-15890
Plex: Name that Tunefind!
 |
| Name that Tunefind! |
| Not sure about you, but sometimes when we hear a song on a show or movie, we gotta know what it is, particularly those hidden gems that don’t show up on the soundtrack. |
| Worry no more— we have integrated an awesome service from a company called Tunefind into Plex to do the work for you. Go to the preplay screen for movies or TV episodes on your server and see all the tracks that are found in the episode or film, playable right in Plex, using TIDAL’s massive library! |
[USN-4223-1] OpenJDK vulnerabilities
---------- Forwarded message ---------
From: Steve Beattie
Date: Dec 18, 2019 7:53AM
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-lts: Open Source Java implementation
- openjdk-8: Open Source Java implementation
References:
https://usn.ubuntu.com/4223-1
CVE-2019-2894, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962,
CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977,
CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987,
CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999
From: Steve Beattie
Date: Dec 18, 2019 7:53AM
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-lts: Open Source Java implementation
- openjdk-8: Open Source Java implementation
References:
https://usn.ubuntu.com/4223-1
CVE-2019-2894, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962,
CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977,
CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987,
CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999
TrendLabs: Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
Figure 5. Test code and resultsREF: https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/
2019年12月4日 星期三
[USN-4195-1] MySQL vulnerabilities
---------- Forwarded message ---------
MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/reln
https://dev.mysql.com/doc/reln
https://www.oracle.com/securit
References:
https://usn.ubuntu.com/4195-1
CVE-2019-2910, CVE-2019-2911, CVE-2019-2914, CVE-2019-2920,
CVE-2019-2922, CVE-2019-2923, CVE-2019-2924, CVE-2019-2938,
CVE-2019-2946, CVE-2019-2948, CVE-2019-2950, CVE-2019-2957,
CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967,
CVE-2019-2968, CVE-2019-2969, CVE-2019-2974, CVE-2019-2982,
CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998,
CVE-2019-3003, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011,
CVE-2019-3018
From: Marc Deslauriers
Date: Nov 18, 2019 10:22PM
Date: Nov 18, 2019 10:22PM
18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/reln
https://dev.mysql.com/doc/reln
https://www.oracle.com/securit
References:
https://usn.ubuntu.com/4195-1
CVE-2019-2910, CVE-2019-2911, CVE-2019-2914, CVE-2019-2920,
CVE-2019-2922, CVE-2019-2923, CVE-2019-2924, CVE-2019-2938,
CVE-2019-2946, CVE-2019-2948, CVE-2019-2950, CVE-2019-2957,
CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967,
CVE-2019-2968, CVE-2019-2969, CVE-2019-2974, CVE-2019-2982,
CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998,
CVE-2019-3003, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011,
CVE-2019-3018
TrendLabs: Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
Figure 1. Screenshots of Chatrious (left) and Apex App (right)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/
[Checkmk Announce] New Checkmk stable release 1.6.0p6
---------- Forwarded message ---------
From: Checkmk Announcements
Date: Tue, Nov 12, 2019 at 4:34 AM
Checks & agents:
* 10194 Windows Agent: logwatch section size is limited now
* 10157 FIX: Now using /dev/null instead of closing stdin in all POSIX agents
* 10196 FIX: All text file of the Windows Agent now have Windows style line endings
* 10405 FIX: Allow filesystems in /var/lib/docker/ to be monitored
* 10156 FIX: Crash upon unexpected resource ID
* 10406 FIX: Fix Domino task check pluging to use newer PS check functions
* 10446 FIX: Output bits/s with the appropriate SI magnitude
* 10308 FIX: Recover performance data output for averaged bandwidth use in IF checks
* 10310 FIX: Remove duplicated check-output in IF checks on average data
* 10487 FIX: Warn if host has tag "Always use and expect piggback data" and no piggyback data is available
* 10192 FIX: Windows Agent User Config file is no more reset after service restart
* 10193 FIX: Windows Agent: Invalid entries have been removed from logwatch
* 10360 FIX: agent_aws: Fetch live data from AWS if special agent configuration has changed
* 8799 FIX: agent_kubernetes: accept millibytes as unit
* 8798 FIX: agent_kubernetes: allow the option 'No IP' for the Kubernetes master
* 10329 FIX: agent_splunk: Prevent InsecureRequestWarning
* 10358 FIX: check_mail_loop: Fixed exception: Failed to fetch mail NR ('NoneType' object has no attribute '__getitem__')
* 10448 FIX: emc_datadomain_mtree: add missing metric definition
* 10155 FIX: emcvnx_storage_pools: Crash upon missing auto-tiering info
* 10494 FIX: lnx_if: Fixed confusion of interface state UNKNOWN, DOWN if ethtool output is missing
* 10507 FIX: mk_oracle: Fixed missing option to set the TNS_ADMIN in the bakery
* 10508 FIX: mk_oracle: Fixed missing sysdg as role choice
* 10348 FIX: mssql_databases: Do not alert if instance is not running
* 10509 FIX: oracle_rman: Fixed wrong incremental Level 1 Backup
* 10449 FIX: ps: cleanup counters of processes which do not exist anymore
* 10300 FIX: sym_brightmail_queues: bug fix where WATO configuration did not alter behaviour
* 10408 FIX: Don't discover lparstat service on host without util info
NOTE: Please refer to the migration notes!
* 10447 FIX: agent_kubernetes: use new API versions
NOTE: Please refer to the migration notes!
* 10356 FIX: bluenet2_powerrail.{temp,humidity}: Fixed discovery of ALL temperature and humidity sensors
NOTE: Please refer to the migration notes!
* 8806 FIX: mk_oracle: Fixed discovery of XE instances on Oracle 18c
NOTE: Please refer to the migration notes!
* 8805 FIX: mk_oracle: Fixed jobs with auto_drop
NOTE: Please refer to the migration notes!
* 10359 FIX: mk_oracle: better support for mounted databases
NOTE: Please refer to the migration notes!
Core & setup:
* 10377 FIX: Fix terminating "cmk --update-dns-cache" with CTRL+C
* 10378 FIX: Improve "Update DNS cache" / cmk --update-dns-cache performance
* 7281 FIX: legacy local plugins: added missing register_hook call
Event console:
* 8797 FIX: Show the Contact Person in the Event Details view
HW/SW inventory:
* 10342 FIX: HW/SW Inventory: Do not overwrite inventory tree if ALL data sources of a host fail
* 10351 FIX: HW/SW Inventory: Do not pollute inventory archive if two numerations have different order but same entries
* 10347 FIX: if: Moved last change field to status data tree; otherwise the inventory history may be polluted
* 10346 FIX: lnx_if winperf_if if solaris_addresses: Fixed sorting interfaces; otherwise the inventory history may be polluted
* 10344 FIX: lnx_if: Do not inventorize dynamic IPv6 addresses which may pollute inventory history
* 10493 FIX: lnx_if: Use MAC address from command 'ip' if the command 'ethtool' is not available
* 10270 FIX: solaris_mem: Fix value and unit
NOTE: Please refer to the migration notes!
Other components:
* 10374 NagVis: Updated to 1.9.16
* 10372 FIX: stunnel: Improve logging of the daemon
Site management:
* 10371 FIX: omd restore: Fix possible version issues when default version is not the site version
* 10376 FIX: omd: Fix possible stopped system apache after removing a site
User interface:
* 10510 Added more link views for Host Groups (Summary)
* 10382 FIX: Dashboard: Add missing link for creating a new view as dashlet
* 10455 FIX: Don't display classical checkboxes in mobile GUI
* 10454 FIX: Don't show an error in Commands of mobile GUI
* 10373 FIX: Fix distributed update issue related to missing theme directory
* 10381 FIX: Fix editing dashlet views
* 10456 FIX: Fix redirection from login page in mobile GUI
* 10380 FIX: Fix view action menu in dashlets
* 10350 FIX: Fixed #rows on rulesets pages
* 10384 FIX: IE11 incompatibility: Fix reordering view painters
* 10489 FIX: Move ruleset "Piggybacked Host Files" to group "Access to Agents"
* 7285 FIX: Network Topology: fixed exception in exception when the maximal allowed node limit has been reached
* 10265 FIX: Password policy: Do not apply expiration time for LDAP users
* 10490 FIX: Rename ruleset "Piggybacked Host Files" to "Processing of Piggybacked Host Data"
* 10228 FIX: Several minor GUI fixes
* 10453 FIX: Show graphs in the mobile GUI
* 10452 FIX: Use mobile GUI for mobile devices
WATO:
* 10407 FIX: Consistent naming for levels in Check SQL Database active check
* 10264 FIX: Discovery page: Fix missing "toggle all" checkboxes (1.6.0p2 regression)
* 10379 FIX: Hostname search: Host bulk actions affected all hosts (1.6.0p4 regression)
* 10383 FIX: Make more background job results deletable
* 10375 FIX: NagVis backends now work with encrypted Livestatus
* 10287 FIX: Service Discovery: fix re-enabling services which were disabled in 1.4.0
* 10546 FIX: WATO changes: Improve table rendering with many affected sites
You can download Checkmk from our download page:
* https://checkmk.com/download.php
From: Checkmk Announcements
Date: Tue, Nov 12, 2019 at 4:34 AM
Checks & agents:
* 10194 Windows Agent: logwatch section size is limited now
* 10157 FIX: Now using /dev/null instead of closing stdin in all POSIX agents
* 10196 FIX: All text file of the Windows Agent now have Windows style line endings
* 10405 FIX: Allow filesystems in /var/lib/docker/ to be monitored
* 10156 FIX: Crash upon unexpected resource ID
* 10406 FIX: Fix Domino task check pluging to use newer PS check functions
* 10446 FIX: Output bits/s with the appropriate SI magnitude
* 10308 FIX: Recover performance data output for averaged bandwidth use in IF checks
* 10310 FIX: Remove duplicated check-output in IF checks on average data
* 10487 FIX: Warn if host has tag "Always use and expect piggback data" and no piggyback data is available
* 10192 FIX: Windows Agent User Config file is no more reset after service restart
* 10193 FIX: Windows Agent: Invalid entries have been removed from logwatch
* 10360 FIX: agent_aws: Fetch live data from AWS if special agent configuration has changed
* 8799 FIX: agent_kubernetes: accept millibytes as unit
* 8798 FIX: agent_kubernetes: allow the option 'No IP' for the Kubernetes master
* 10329 FIX: agent_splunk: Prevent InsecureRequestWarning
* 10358 FIX: check_mail_loop: Fixed exception: Failed to fetch mail NR ('NoneType' object has no attribute '__getitem__')
* 10448 FIX: emc_datadomain_mtree: add missing metric definition
* 10155 FIX: emcvnx_storage_pools: Crash upon missing auto-tiering info
* 10494 FIX: lnx_if: Fixed confusion of interface state UNKNOWN, DOWN if ethtool output is missing
* 10507 FIX: mk_oracle: Fixed missing option to set the TNS_ADMIN in the bakery
* 10508 FIX: mk_oracle: Fixed missing sysdg as role choice
* 10348 FIX: mssql_databases: Do not alert if instance is not running
* 10509 FIX: oracle_rman: Fixed wrong incremental Level 1 Backup
* 10449 FIX: ps: cleanup counters of processes which do not exist anymore
* 10300 FIX: sym_brightmail_queues: bug fix where WATO configuration did not alter behaviour
* 10408 FIX: Don't discover lparstat service on host without util info
NOTE: Please refer to the migration notes!
* 10447 FIX: agent_kubernetes: use new API versions
NOTE: Please refer to the migration notes!
* 10356 FIX: bluenet2_powerrail.{temp,humidity}: Fixed discovery of ALL temperature and humidity sensors
NOTE: Please refer to the migration notes!
* 8806 FIX: mk_oracle: Fixed discovery of XE instances on Oracle 18c
NOTE: Please refer to the migration notes!
* 8805 FIX: mk_oracle: Fixed jobs with auto_drop
NOTE: Please refer to the migration notes!
* 10359 FIX: mk_oracle: better support for mounted databases
NOTE: Please refer to the migration notes!
Core & setup:
* 10377 FIX: Fix terminating "cmk --update-dns-cache" with CTRL+C
* 10378 FIX: Improve "Update DNS cache" / cmk --update-dns-cache performance
* 7281 FIX: legacy local plugins: added missing register_hook call
Event console:
* 8797 FIX: Show the Contact Person in the Event Details view
HW/SW inventory:
* 10342 FIX: HW/SW Inventory: Do not overwrite inventory tree if ALL data sources of a host fail
* 10351 FIX: HW/SW Inventory: Do not pollute inventory archive if two numerations have different order but same entries
* 10347 FIX: if: Moved last change field to status data tree; otherwise the inventory history may be polluted
* 10346 FIX: lnx_if winperf_if if solaris_addresses: Fixed sorting interfaces; otherwise the inventory history may be polluted
* 10344 FIX: lnx_if: Do not inventorize dynamic IPv6 addresses which may pollute inventory history
* 10493 FIX: lnx_if: Use MAC address from command 'ip' if the command 'ethtool' is not available
* 10270 FIX: solaris_mem: Fix value and unit
NOTE: Please refer to the migration notes!
Other components:
* 10374 NagVis: Updated to 1.9.16
* 10372 FIX: stunnel: Improve logging of the daemon
Site management:
* 10371 FIX: omd restore: Fix possible version issues when default version is not the site version
* 10376 FIX: omd: Fix possible stopped system apache after removing a site
User interface:
* 10510 Added more link views for Host Groups (Summary)
* 10382 FIX: Dashboard: Add missing link for creating a new view as dashlet
* 10455 FIX: Don't display classical checkboxes in mobile GUI
* 10454 FIX: Don't show an error in Commands of mobile GUI
* 10373 FIX: Fix distributed update issue related to missing theme directory
* 10381 FIX: Fix editing dashlet views
* 10456 FIX: Fix redirection from login page in mobile GUI
* 10380 FIX: Fix view action menu in dashlets
* 10350 FIX: Fixed #rows on rulesets pages
* 10384 FIX: IE11 incompatibility: Fix reordering view painters
* 10489 FIX: Move ruleset "Piggybacked Host Files" to group "Access to Agents"
* 7285 FIX: Network Topology: fixed exception in exception when the maximal allowed node limit has been reached
* 10265 FIX: Password policy: Do not apply expiration time for LDAP users
* 10490 FIX: Rename ruleset "Piggybacked Host Files" to "Processing of Piggybacked Host Data"
* 10228 FIX: Several minor GUI fixes
* 10453 FIX: Show graphs in the mobile GUI
* 10452 FIX: Use mobile GUI for mobile devices
WATO:
* 10407 FIX: Consistent naming for levels in Check SQL Database active check
* 10264 FIX: Discovery page: Fix missing "toggle all" checkboxes (1.6.0p2 regression)
* 10379 FIX: Hostname search: Host bulk actions affected all hosts (1.6.0p4 regression)
* 10383 FIX: Make more background job results deletable
* 10375 FIX: NagVis backends now work with encrypted Livestatus
* 10287 FIX: Service Discovery: fix re-enabling services which were disabled in 1.4.0
* 10546 FIX: WATO changes: Improve table rendering with many affected sites
You can download Checkmk from our download page:
* https://checkmk.com/download.php
[LSN-0059-1] Linux kernel vulnerability
---------- Forwarded message ---------
Date: Nov 13, 2019 7:43AM
CVE-2018-12207
On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest
can cause a host machine check exception (MCE) capable of bringing down
the host OS.
CVE-2019-0154
On Intel processors containing an i915 graphics processing unit, it is
possible from userspace to cause a GPU hang in certain low-power states by
reading a specific memory-mapped IO register.
CVE-2019-0155
On Intel processors containing an i915 graphics processing unit, it is
possible to use the GPU's blitter command streamer to write to
memory-mapped IO locations, which could be used for privilege escalation
or to leak kernel memory.
CVE-2019-11135
On Intel processors with support for Transactional Synchronization
Extensions (TSX), it is possible to exploit a transactional asynchronous
abort (TAA) to perform a side-channel attack and leak kernel memory.
References:
CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135
Date: Nov 13, 2019 7:43AM
CVE-2018-12207
On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest
can cause a host machine check exception (MCE) capable of bringing down
the host OS.
CVE-2019-0154
On Intel processors containing an i915 graphics processing unit, it is
possible from userspace to cause a GPU hang in certain low-power states by
reading a specific memory-mapped IO register.
CVE-2019-0155
On Intel processors containing an i915 graphics processing unit, it is
possible to use the GPU's blitter command streamer to write to
memory-mapped IO locations, which could be used for privilege escalation
or to leak kernel memory.
CVE-2019-11135
On Intel processors with support for Transactional Synchronization
Extensions (TSX), it is possible to exploit a transactional asynchronous
abort (TAA) to perform a side-channel attack and leak kernel memory.
References:
CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135
TrendLabs: 49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play
Figure 2. Screen captures of codes showing how the malicious app’s icon is hidden or removed
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/49-disguised-adware-apps-with-optimized-evasion-features-found-on-google-play/
[Openvpn-announce] OpenVPN 2.4.8 released
---------- Forwarded message ---------
From: Samuli Seppänen
Date: Thu, Oct 31, 2019 at 6:37 PM
This is primarily a maintenance release with bugfixes and improvements.
The Windows installers (I601) have several improvements compared to the
previous release:
* New tap-windows6 driver (9.24.2) which fixes some suspend and resume
issues
* Latest OpenVPN-GUI
* Considerable performance boost due to new compiler optimization flags
Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.
From: Samuli Seppänen
Date: Thu, Oct 31, 2019 at 6:37 PM
This is primarily a maintenance release with bugfixes and improvements.
The Windows installers (I601) have several improvements compared to the
previous release:
* New tap-windows6 driver (9.24.2) which fixes some suspend and resume
issues
* Latest OpenVPN-GUI
* Considerable performance boost due to new compiler optimization flags
Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.
TrendLabs: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
Figure 1. Schema showing the multiple obfuscation layers that APT33 uses
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/
[USN-4167-1] Samba vulnerabilities
---------- Forwarded message ---------
From: Marc Deslauriers
Date: Oct 29, 2019 9:20PM
Michael Hanselmann discovered that the Samba client code incorrectly
handled path separators. If a user were tricked into connecting to a
malicious server, a remote attacker could use this issue to cause the
client to access local pathnames instead of network pathnames.
(CVE-2019-10218)
Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly
handled the check password script. This issue could possibly bypass custom
password complexity checks, contrary to expectations. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833)
Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control.
A remote attacker with "get changes" permissions could possibly use this
issue to cause Samba to crash, resulting in a denial of service.
(CVE-2019-14847)
References:
https://usn.ubuntu.com/4167-1
CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
From: Marc Deslauriers
Date: Oct 29, 2019 9:20PM
Michael Hanselmann discovered that the Samba client code incorrectly
handled path separators. If a user were tricked into connecting to a
malicious server, a remote attacker could use this issue to cause the
client to access local pathnames instead of network pathnames.
(CVE-2019-10218)
Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly
handled the check password script. This issue could possibly bypass custom
password complexity checks, contrary to expectations. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833)
Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control.
A remote attacker with "get changes" permissions could possibly use this
issue to cause Samba to crash, resulting in a denial of service.
(CVE-2019-14847)
References:
https://usn.ubuntu.com/4167-1
CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
TrendLabs: New Exploit Kit Capesand Reuses Old and New Public Exploits and Tools, Blockchain Ruse
Figure 2. Capesand exploit kit traffic patternREF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-capesand-reuses-old-and-new-public-exploits-and-tools-blockchain-ruse/
MagicSoft CG ver 8.2.3
MagicSoft CG ver 8.2.3 adds :
- NDI input and output for all video modes
- improved performance in 4K video modes for "picture in picture" when using Decklink or NDI as input
- improved management of the projects in CG server
REF: https://www.magicsoft.tv/news.html
- NDI input and output for all video modes
- improved performance in 4K video modes for "picture in picture" when using Decklink or NDI as input
- improved management of the projects in CG server
TrendLabs: Current and Future Hacks and Attacks that Threaten Esports
Figure 1. Page offering custom hardware hacks, with prices starting at US$500
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/current-and-future-hacks-and-attacks-that-threaten-esports/
LM: Red Hat Announces CentOS Stream
CentOS Stream will sit somewhere between Fedora and RHEL to provide a place for developers who want to get their packages in RHEL. So far Fedora was used as a fast moving upstream project for RHEL. Red Hat forks code from Fedora to build the next version of RHEL. However, most enterprise-centric users were on CentOS and not Fedora, and there was not a direct path for those users to target RHEL, as CentOS was downstream of RHEL. With CentOS stream, developers can start playing with what to expect next in RHEL, and they can also submit patches.
REF: http://www.linux-magazine.com/Online/News/Red-Hat-Announces-CentOS-Stream
REF: http://www.linux-magazine.com/Online/News/Red-Hat-Announces-CentOS-Stream
Plex: Multitask Live TV and DVR on Apple
 |
Multitask Live TV and DVR on Apple
|
| Professional binge watchers rejoice! Now for iOS and Apple TV users, you can simultaneously watch Live TV while scheduling your next recording without missing a beat. |
訂閱:
文章 (Atom)