by CIRT Team
Intel Q3 2018 Speculative Execution Side Channel Update
Description: Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the...
Read More
by CIRT Team
Oracle Releases Security Updates
Description: Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. This Security Alert addresses an Oracle Database vulnerability in versions 11.2.0.4 and 12.2.0.1 on Windows. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
by CIRT Team
VMware Releases Security Updates
Description: Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability. Relevant Products VMware Horizon 6 VMware Horizon 7 VMware Horizon Client for Windows Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0019.html
by CIRT Team
Linux Kernel TCP implementation vulnerable to Denial of Service
Description: The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets. Impact: An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/962459 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
by CIRT Team
Drupal Releases Security Update
Description: Drupal has released a security update addressing a vulnerability in Drupal 8.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/SA-CORE-2018-005
by CIRT Team
Apache Security Updates for Apache Tomcat
Description: The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released updates to address vulnerabilities affecting Cisco products. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
by CIRT Team
Oracle Releases Security Update
Description: Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. Impact: An attacker could exploit these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
by CIRT Team
Mozilla Releases Security Update for Thunderbird
Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/
by CIRT Team
VMware Releases Security Updates
Description: VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0016.html
