USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors...

USN-3654-1: Linux kernel vulnerabilities

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...

Hijacking Philips Hue

We were filming a smart home hacking piece on the 5th May this year. Like most home users, the Wi-Fi PSK wasn’t strong enough, so we cracked it and joined the network. The user had a Philips Hue lighting system. None of us here had looked at Hue before - we made an assumption after the previous...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4108)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4108 advisory. - netfilter: nfnetlinkcthelper: Add missing permission checks Kevin Cernekee Orabug: 27260771 CVE-2017-17448 - netlink: Add netns check on taps Kev...

[SECURITY] Fedora 28 Update: matrix-synapse-0.28.1-1.fc28

Matrix is an ambitious new ecosystem for open federated Instant Messaging a nd VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is inten ded to showcase the concept of Matrix and let folks see the spec i...

[SECURITY] Fedora 28 Update: knot-resolver-2.3.0-1.fc28

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

John Summers Q&A - Evanta Global CIO Executive Summit

Akamai's John Summers, VP & CTO, spoke at the recent Evanta Global CIO Executive Summit, a gathering of 75 major organization CIOs. His session was titled, "Cloud Security - Adopt Zero Trust and Put Asset-Level Safeguards in Place." Here are some of the key questions he addressed. How do you...

Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability

A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...

NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More

Four years after the initial iteration was released, the National Institute of Standards and Technology NIST has released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity. The framework was developed to be a voluntary, risk-based framework to improve cybersecurity...

CVE-2018-10471

An OOB write issue was found in the way Xen hypervisor handled error in the Page Table Isolation PTI implementation, used to fix the Meltdown issue. It could occur while processing interrupt 'INT 0x80', when PV guest's vCPU has no handler for it. A malicious guest user/process could use this flaw...

CVE-2018-10529

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in librawx3f.cpp and librawcxx.cpp...

CVE-2018-10529

An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in librawx3f.cpp and librawcxx.cpp...

USN-3632-1: Linux kernel (Azure) vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that the KVM...

Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3632-1 advisory. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker...

Mail.ru: invalid handling of redirect_uri at o2.mail.ru/jsapi/button

o2.mail.ru/jsapi/button gets embedded as login window in website that using o2 oauth. parameter redirecturi by default may have either value of white listed domain from particular app by clientId either it may lead to .mail.ru, then it contacts with parent window via postmessages. Other domains a...

CVE-2018-1000159

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

CVE-2018-1000159

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

CVE-2018-1000159

Removed by vendor...

Code injection

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808...

Microsoft Windows URL Moniker Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. Interaction with a particular library is required to exploit this vulnerability but specific attack vectors may vary. The specific flaw exists within the implementation o...