Meet the MSRC at Black Hat 2019

2019-07-30 KENNETH 0

We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog. Wednesday, August 7 …

It’s Official – The Way We Recognize Our Security Researchers

2019-07-30 KENNETH 0

We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping to protect the ecosystem. That’s not changing; we’re continuing to expand our bounty …

USN-4077-1: tmpreaper vulnerability

2019-07-30 KENNETH 0

tmpreaper vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: tmpreaper could be made to overwrite files as the administrator.

Software Description: tmpreaper – cleans up files in directories based on their age

Details: It was discovered that tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: tmpreaper – 1.6.13+nmu1+deb9u1build0.18.04.1
Ubuntu 16.04 LTS: tmpreaper – 1.6.13+nmu1+deb9u1build0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-3461

USN-3990-2: urllib3 vulnerability

2019-07-29 KENNETH 0

python-urllib3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: urllib3 could be used to perform a CRLF injection if it received a specially crafted request.

Software Description: python-urllib3 – HTTP library with thread-safe connection pooling for Python

Details: USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: python-urllib3 – 1.7.1-1ubuntu4.1+esm1
Ubuntu 14.04 ESM: python3-urllib3 – 1.7.1-1ubuntu4.1+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: USN-3990-1, CVE-2019-11236

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)

2019-07-26 KENNETH 0

Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. This bi-directional sharing program of threat …