Saturday, June 27, 2020

Cloudflare: COVID-19 impacts on Internet traffic: Seattle, Northern Italy and South Korea

REF: https://blog.cloudflare.com/covid-19-impacts-on-internet-traffic-seattle-italy-and-south-korea/

[USN-4404-2] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie <steve.beattie@canonical.com>
Date: Jun 26, 2020 5:49AM

 Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not
 properly perform access control when performing IPC. An attacker could use
 this to cause a denial of service or possibly execute arbitrary code.
 (CVE-2020-5963)

 It was discovered that the UVM driver in the NVIDIA graphics driver
 contained a race condition. A local attacker could use this to cause a
 denial of service. (CVE-2020-5967)

 It was discovered that the NVIDIA virtual GPU guest drivers contained
 an unspecified vulnerability that could potentially lead to privileged
 operation execution. An attacker could use this to cause a denial of
 service. (CVE-2020-5973)

References:
  https://usn.ubuntu.com/4404-2
  https://usn.ubuntu.com/4404-1
  CVE-2020-5963, CVE-2020-5967, CVE-2020-5973

TrendLabs: Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining

Figure 1. Setting keys as cron tasks
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/

[USN-4383-1] Firefox vulnerabilities

---------- Forwarded message ---------
From: Chris Coulson <chris.coulson@canonical.com>
Date: Jun 5, 2020 4:58AM

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410,
CVE-2020-12411)

It was discovered that NSS showed timing differences when performing DSA
signatures. An attacker could potentially exploit this to obtain private
keys using a timing attack. (CVE-2020-12399)

References:
  https://usn.ubuntu.com/4383-1
  CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12407,
  CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411

[USN-4382-1] FreeRDP vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: Jun 4, 2020 9:51PM

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

References:
  https://usn.ubuntu.com/4382-1
  CVE-2020-11042, CVE-2020-11045, CVE-2020-11046, CVE-2020-11048,
  CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522,
  CVE-2020-11523, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396,
  CVE-2020-13397, CVE-2020-13398

Cloudflare: Announcing Network Analytics

REF: https://blog.cloudflare.com/announcing-network-analytics/

[CentOS-announce] Release for CentOS Linux 8 (2004)

---------- Forwarded message ---------
From: Brian Stinson <bstinson@centosproject.org>
Date: Jun 16, 2020 12:46AM

We are pleased to announce the general availability of CentOS Linux 8.
Effective immediately, this is the current release for CentOS Linux 8
and is tagged as 2004, derived from Red Hat Enterprise Linux 8.2 Source Code.

As always, read through the Release Notes at:
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2004 - these notes
contain important information about the release and details about some
of the content inside the release from the CentOS QA team. These notes
are updated constantly to include issues and incorporate feedback from
the users.

Speeding up Linux disk encryption

dm-crypt
REF: https://blog.cloudflare.com/speeding-up-linux-disk-encryption/

[openssh-unix-announce] Announce: OpenSSH 8.3 released

---------- Forwarded message ---------
From: Damien Miller <djm@openbsd.org>
Date: May 27, 2020 3:33PM

OpenSSH 8.3 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.

Changes since OpenSSH 8.2
=========================

The focus of this release is bug fixing.

Reporting Bugs:
===============

- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

Bitnami's First Product Launch within VMware: Tanzu Application Catalog

The Bitnami team is excited to announce our first product within VMware is part of the VMware Tanzu portfolio. Tanzu Application Catalog brings a selection of open source applications and components continuously tested and maintained for the enterprise. With Tanzu Application Catalog, developers can increase their productivity by using pre-packaged and production-ready containers and charts while operators ensure IT security and governance. Check out the announcement of TAC within the VMware Tanzu portfolio.

[USN-4367-2] Linux kernel regression

---------- Forwarded message ---------
From: Steve Beattie <steve.beattie@canonical.com>
Date: May 29, 2020 7:10AM

USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately,
that update introduced a regression in overlayfs. This update corrects
the problem.

References:
  https://usn.ubuntu.com/4367-2
  https://usn.ubuntu.com/4367-1
  https://launchpad.net/bugs/1879690

Cloudflare: Introducing Quicksilver: Configuration Distribution at Internet Scale

REF: https://blog.cloudflare.com/introducing-quicksilver-configuration-distribution-at-internet-scale/

Sunday, June 14, 2020

[USN-4376-1] OpenSSL vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: May 28, 2020 9:23PM

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,
Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL
incorrectly handled ECDSA signatures. An attacker could possibly use this
issue to perform a timing side-channel attack and recover private ECDSA
keys. (CVE-2019-1547)

Matt Caswell discovered that OpenSSL incorrectly handled the random number
generator (RNG). This may result in applications that use the fork() system
call sharing the same RNG state between the parent and the child, contrary
to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu
19.10. (CVE-2019-1549)

Guido Vranken discovered that OpenSSL incorrectly performed the x86_64
Montgomery squaring procedure. While unlikely, a remote attacker could
possibly use this issue to recover private keys. (CVE-2019-1551)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain
decryption functions. In certain scenarios, a remote attacker could
possibly use this issue to perform a padding oracle attack and decrypt
traffic. (CVE-2019-1563)

References:
  https://usn.ubuntu.com/4376-1
  CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1563

Cloudflare: The History of the URL

ARPANET circa 1969
REF: https://blog.cloudflare.com/the-history-of-the-url/

LibreSSL 3.2.0 Released

---------- Forwarded message ---------
From: Brent Cook <busterb@gmail.com>
Date: Mon, Jun 1, 2020 at 9:16 AM

This is the first development release from the 3.2.x series, which will
eventually be part of OpenBSD 6.8.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

TrendLabs: QNodeService: Node.js Trojan Spread via Covid-19 Lure

Figure 11. WebSocket handshake
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/

[USN-4375-1] PHP vulnerability

---------- Forwarded message ---------
From: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Date: May 28, 2020 3:55AM

It was discovered that PHP incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.

References:
  https://usn.ubuntu.com/4375-1
  CVE-2019-11048

TrendLabs: Targeted Ransomware Attack Hits Taiwanese Organizations

Figure 1. Reflective loading of the .DLL file
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

[USN-4371-1] libvirt vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers
Date: May 22, 2020 2:46AM

It was discovered that libvirt incorrectly handled an active pool without a
target path. A remote attacker could possibly use this issue to cause
libvirt to crash, resulting in a denial of service. (CVE-2020-10703)

It was discovered that libvirt incorrectly handled memory when retrieving
certain domain statistics. A remote attacker could possibly use this issue
to cause libvirt to consume resources, resulting in a denial of service.
This issue only affected Ubuntu 19.10. (CVE-2020-12430)

References:
  https://usn.ubuntu.com/4371-1
  CVE-2020-10703, CVE-2020-12430

TrendLabs: Gamaredon APT Group Use Covid-19 Lure in Campaigns

Figure 1. The infection chain of the Gamaredon campaign
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/

Updated Debian 10: 10.4 released

---------- Forwarded message ---------
From: Laura Arjona Reina
Date: May 9, 2020 9:06PM

The Debian project is pleased to announce the fourth update of its
stable distribution Debian 10 (codename "buster"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to , or contact the
stable release team at .

TrendLabs: WebMonitor RAT Bundled with Zoom Installer

Figure 2. Snippets of the strings from the partially unpacked payload
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/webmonitor-rat-bundled-with-zoom-installer/

[USN-4359-1] APT vulnerability

---------- Forwarded message ---------
From: Alex Murray
Date: May 14, 2020 10:36AM

It was discovered that APT incorrectly handled certain filenames during
package installation. If an attacker could provide a specially crafted
package to be installed by the system administrator, this could cause APT
to crash.

References:
  https://usn.ubuntu.com/4359-1
  CVE-2020-3810

TrendLabs: Zoomed In: A Look into a Coinminer Bundled with Zoom Installer

Figure 3. A detailed breakdown of the file’s contents
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/

[USN-4333-1] Python vulnerabilities

---------- Forwarded message ---------
From: Leonidas S. Barbosa
Date: Apr 21, 2020 9:51PM

It was discovered that Python incorrectly stripped certain characters from
requests. A remote attacker could use this issue to perform CRLF injection.
(CVE-2019-18348)

It was discovered that Python incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8492)

References:
  https://usn.ubuntu.com/4333-1
  CVE-2019-18348, CVE-2020-8492

Cloudflare: International Women’s Day 2020: Building a Modern Security Team

REF: https://blog.cloudflare.com/international-womens-day-2020-building-a-modern-security-team/