Meet the BlueHat Content Advisory Board

2019-09-19 KENNETH 0

We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of the security community, the CAB applies their industry and speaker experience to create the BlueHat agenda that’s the right mix of topics and perspectives. We really appreciate the time these people take …

The post Meet the BlueHat Content Advisory Board appeared first on Microsoft Security Response Center.

USN-4128-2: Tomcat vulnerabilities

2019-09-18 KENNETH 0

tomcat9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in Tomcat 9.

Software Description: tomcat9 – Servlet and JSP engine

Details: It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libtomcat9-java – 9.0.16-3ubuntu0.19.04.1, tomcat9 – 9.0.16-3ubuntu0.19.04.1
Ubuntu 18.04 LTS: libtomcat9-java – 9.0.16-3ubuntu0.18.04.1, tomcat9 – 9.0.16-3ubuntu0.18.04.1

To update your system, please follow [ more… ]

USN-4136-2: wpa_supplicant and hostapd vulnerability

2019-09-18 KENNETH 0

wpa, wpasupplicant vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.

Software Description:
wpa – client support for WPA and WPA2
wpasupplicant – client support for WPA and WPA2

Details: USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: hostapd – 1:2.1-0ubuntu1.7+esm2, wpasupplicant – 2.1-0ubuntu1.7+esm2
Ubuntu 12.04 ESM [ more… ]

USN-4136-1: wpa_supplicant and hostapd vulnerability

2019-09-18 KENNETH 0

wpa vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.

Software Description: wpa – client support for WPA and WPA2

Details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: hostapd – 2:2.6-21ubuntu3.3, wpasupplicant – 2:2.6-21ubuntu3.3
Ubuntu 18.04 LTS: hostapd – 2:2.6-15ubuntu2.5, wpasupplicant – 2:2.6-15ubuntu2.5
Ubuntu 16.04 LTS: hostapd – 1:2.4-0ubuntu6.6, wpasupplicant – 2.4-0ubuntu6.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]

USN-4135-2: Linux kernel vulnerabilities

2019-09-18 KENNETH 0

linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty
linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM

Details: Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835)

It was discovered that the Linux kernel on PowerPC [ more… ]