04-29 Weekly Awareness Report (WAR)

Weekly Awareness Report (WAR) · 2019-12-30 · April 29, 2019 The Cyber Intelligence Report is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats



April 29, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last 10 Malware

* Troj/Trickbo-QM
* Troj/NanoCo-JE
* Troj/Nymaim-JD
* Troj/PDFUri-HGO
* VBS/Drop-AXB
* Troj/Bot-J
* Troj/BatDl-BX
* Troj/Formboo-MI
* Troj/Emogen-GH
* Troj/DocDl-TIB

Last 10 PUAs

* CryptoNight Miner
* Carifred Ultra Virus Killer
* Adposhel
* Carambis (ROSTPAY LTD.) Carambis Installer
* Equation Group
* Carbanak Remote Admin Launcher
* Android Lucky Patcher
* Altnet
* Mimikatz Exploit Utility
* Android Fake JIO Adware

Interesting News

* Operation ShadowHammer: a high-profile supply chain attack
  In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers.

* The IWC Cyber Range is scheduled to release a new version May 1st. Ghidra and Grass Marlin are now installed along with several more Red/Blue Team tools. If you are interested, we have an active Facebook Group and YouTube Channel. As always, if you have any suggestions, feel free to let us know. Subscribe if you would like to receive the CIR updates by sending us an email: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


News

Packet Storm Security

* United Covers Seat Cameras Following Passenger Privacy Outrage
* Database Reveals Details On Over 80 Million Households
* Apple Removes Some Parental Control Apps Over Privacy Concerns
* Marco Rubio Confirms Russian Hackers Could Have Altered Florida County Voting Records
* Docker Hub Hack Exposed Data Of 190,000 Users
* Microsoft To Nix Password Expiration Policies For Windows 10
* ISC Patches Three Vulnerabilities In BIND
* Critical Flaws In Sierra Wireless 5G Gateway Allow RCE
* Pentagon's Independent Science Research Group, The Jasons, Is Set To Disband After 59 Years
* An Inside Look At How Credential Stuffing Ops Work
* How Do I Buy A Laptop With An Encrypted Hard Drive?
* DNSpionage Actors Adjust Tactics, Debut New RAT
* ShadowHammer Code Found In Several Video Games
* Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
* NSA Reportedly Recommends Retiring Phone Surveillance Program
* Judge Rules Cops Can Force Your Finger To Unlock Your iPhone
* UK Is At Odds With Cyber Allies Over Huawei
* Facebook Expects FTC Fine Of Up To $5 Billion In Privacy Investigation
* Lime Scooters Hacked In Australia To Say Sexual Things
* Hotspot App Exposed 2 Million Wi-Fi Network Passwords
* Hackers Hit Atlanta Hawks Shop With Malware
* Congress Sends Letter To Google For Details On Sensorvault Location Tracking Database
* Facebook Profits Likely To Fall After Fake News And Privacy Scandals
* Intelsat-29e Declared A Total Loss
* France's Secure Telegram Replacement Hacked In An Hour

Dark Reading

* A Rear-View Look at GDPR: Compliance Has No Brakes
* Learn to Defend Against HTTP Desync Attacks at Black Hat USA
* How to Build a Cloud Security Model
* Slack Warns of Big, Bad Dangers in SEC Filing
* Malware Makes Itself at Home in Set-Top Boxes
* Go Medieval to Keep OT Safe
* Security Vulns in Microsoft Products Continue to Increase
* Cyberattackers Focus on More Subtle Techniques
* New EternalBlue Family Member Takes Aim at Asian Web Servers
* UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
* 55% of SMBs Would Pay Up Post-Ransomware Attack
* How a Nigerian ISP Accidentally Hijacked the Internet
* Enterprise Trojan Detections Spike 200% in Q1 2019
* Sensitive Data Lingers on Used Storage Drives Sold Online
* Regulations, Insider Threat Handicap Healthcare IT Security
* Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
* Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
* TA505 Abusing Legit Remote Admin Tool in String of Attacks


News

Krebs on Security

* P2P Weakness Exposes Millions of IoT Devices
* Who's Behind the RevCode WebMonitor RAT?
* Marcus "MalwareTech" Hutchins Pleads Guilty to Writing, Selling Banking Malware
* Wipro Intruders Targeted Other Major IT Firms
* How Not to Acknowledge a Data Breach
* Experts: Breach at IT Outsourcing Giant Wipro
* 'Land Lordz' Service Powers Airbnb Scams
* Android 7.0+ Phones Can Now Double as Google Security Keys
* Patch Tuesday Lowdown, April 2019 Edition
* A Year Later, Cybercrime Groups Still Rampant on Facebook

The Hacker News

* Docker Hub Suffers a Data Breach, Asks Users to Reset Password
* New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
* Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
* 'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic
* Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
* Congress Asks Google 10 Questions On Its Location Tracking Database
* Learn Ethical Hacking With 180 Hours of Training - 2019 Online Course
* 'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
* Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress
* Source Code for CARBANAK Banking Malware Found On VirusTotal

Security Week

* GDPR Conformance Does Not Excuse Companies from Vicarious Liability
* Docker Hub Breach Hits 190,000 Accounts
* Oracle Patches WebLogic Zero-Day Exploited in Attacks
* A Crash-Course in Card Shops
* Slack Lists Cybersecurity Risks Ahead of Going Public
* AESDDoS Botnet Targets Vulnerability in Atlassian's Confluence Server
* P2P Flaws Expose Millions of IoT Devices to Remote Attacks
* Data in Use Is the Point of Least Resistance
* Cryptojacking Attacks Target Enterprises With NSA-Linked Exploits
* Cisco Finds Serious Flaws in Sierra Wireless AirLink Devices
* Microsoft Removes Password-Expiration Policy in Windows 10
* Irish Regulator Investigates Facebook Over Exposed Passwords
* NIST Tool Finds Errors in Complex Safety-Critical Software
* Canada Privacy Watchdog Taking Facebook to Court
* Reports Huawei to Supply UK Networks Draw Criticism
* Cybercriminals Using GitHub to Host Phishing Kits
* Leaked Carbanak Source Code Reveals No New Exploits
* Special-Purpose Vehicle Maker Aebi Schmidt Hit by Malware
* Oracle, Gemalto Downplay Java Card Vulnerabilities
* Third Party Ecosystems Make Industrial IoT the Perfect Storm of Risk and Reward


News

Infosecurity Magazine

* Docker Hub Breach Exposes 190K Users
* Magecart Skimming Code Found on GitHub
* Apple: We Banned Parental Control Apps for Security Reasons
* Pros Feel Aligned with Board, Still Fear a Phish
* Amnesty International Hong Kong Attacked
* Data Protection Commission Investigates Facebook
* CISOs Consider Quitting Industry Over Surging Stress
* #CYBERUK19: NCSC and ICO Clarify Roles to Assist Incident Response
* Attacks on Businesses Soar 235% in Q1
* State of Washington Expands Breach Notice Laws

Threat Post

* Docker Hub Hack Affects 190K Accounts
* 2 Million IoT Devices Vulnerable to Complete Takeover
* Users Urged to Disable WordPress Plugin After Unpatched Flaw Disclosed
* News Wrap: Amazon Echo Privacy, Facebook FTC Fines and Biometrics Regulation
* GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams
* Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
* Facial Recognition 'Consent' Doesn't Exist, Threatpost Poll Finds
* Android-Based Sony Smart-TVs Open to Image Pilfering
* Amazon Employees Given 'Broad Access' to Personal Alexa Info
* Qualcomm Critical Flaw Exposes Private Keys For Android Devices

Naked Security

* NIST tool boosts chances of finding dangerous software flaws
* Cryptocurrency giants in $850m fraud allegations
* Cops need warrant for both location history and phone pinging, says judge
* Piracy streaming apps are stuffed with malware
* Monday review - the hot 17 stories of the week
* NSA asks to end mass phone surveillance
* Fingerprint glitch in passports swapped left and right hands
* Microsoft drops password expiration from Windows 10 security
* Cops can try suspect's fingers on locked iPhones found at crime scene
* ExtraPulsar backdoor based on leaked NSA code - what you need to know

Quick Heal - Security Simplified

* Miners snatching open source tools to strengthen their malevolent power!
* 5 ways to instantly detect a phishing email and save yourself from phishing attack
* PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC
* JCry - A Ransomware written in Golang!
* This summer vacation let your kids explore the internet with safety of parental control
* 3059 android malware detected per day in 2018 - Are you still counting on free android antivirus for protection?
* Essential cyber safety tips every woman should follow
* Quick Heal Threat Report - Cryptojacking rising but Ransomware still #1 threat for consumers
* GandCrab Riding Emotet's Bus!


Security Conferences

* This Month's Upcoming Events in the United States
* This Month's Upcoming Events in Europe
* Cybersecurity Conferences and Events in New Mexico
* Cybersecurity Conferences and Events in South Dakota
* Cybersecurity Conferences and Events in the United States

Tools & Techniques

* TestSSL 3.0rc5
* TestSSL 2.9.5-8
* Lynis Auditing Tool 2.7.4
* OpenSSH 8.0p1
* Raptor WAF 0.6
* Mandos Encrypted File System Unattended Reboot Utility 1.8.4
* Stegano 0.9.3
* GNUnet P2P Framework 0.11.0
* Wireshark Analyzer 3.0.1
* Stegano 0.9.2
* Anevicon : A High-Performance UDP-Based Load Generator
* PYWhatCMS - Unofficial WhatCMS API Package
* Easysploit : Metasploit Automation Easier & Faster Than Ever
* Findomain - Tool That Uses Certificate Transparency Logs to Find Subdomains
* Most Popular Hacking Tools in 2018
* Reverie - Automated Pentest Tools Designed For Parrot Linux
* How To Save Time With Automated Transcription Software
* Social10x Review
* FTPBruter : An FTP Server Brute Forcing Tool Written In Python 3
* Raptor WAF : Web Application Firewall Using DFA Beta

Latest Zone-H Website Defacements

* http://www.jnpc.gov.ly
* http://www.mpc.gov.ly
* http://www.zm.gov.jo
* http://www.eliberia.gov.lr/Green.txt
* http://muniparcoy.gob.pe/xxx.htm
* http://promkes.bandungbaratkab.go.id/galau.htm
* http://dinkes.bandungbaratkab.go.id/galau.htm
* http://petawisata.bandungbaratkab.go.id/galau.htm
* http://bappeda.bandungbaratkab.go.id/galau.htm
* http://simjab.bandungbaratkab.go.id/galau.htm
* http://sidopo.bandungbaratkab.go.id/galau.htm
* http://dinsosnakertrans.bandungbaratkab.go.id/galau.htm
* http://simpenas.bandungbaratkab.go.id/galau.htm
* http://bumd.bandungbaratkab.go.id/galau.htm
* http://pokjanalposyandu.bandungbaratkab.go.id/galau.htm
* http://dprd.bandungbaratkab.go.id/galau.htm
* http://sippd.bappeda.bandungbaratkab.go.id/galau.htm
* http://perpustakaan.bandungbaratkab.go.id/galau.htm
* http://disbudpar.bandungbaratkab.go.id/galau.htm


Proof of Concept (PoC) & Exploits

Packet Storm Security

* SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation
* Sierra Wireless AirLink ES450 ACEManager Information Exposure
* Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
* Joomla ARI Quiz 3.7.4 SQL Injection
* Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
* Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
* Sierra Wireless AirLink ES450 ACEManager Information Disclosure
* Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery
* Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials
* Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
* Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
* Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
* Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection
* Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
* NSauditor 3.1.2.0 Name Denial Of Service
* NSauditor 3.1.2.0 Community Denial Of Service
* systemd DynamicUser SetUID Binary Creation
* Lavavo CD Ripper 4.20 Buffer Overflow
* osTicket 1.11 Cross Site Scripting / Local File Inclusion
* JioFi 4G M2S 1.0.2 Denial Of Service
* JioFi 4G M2S 1.0.2 Cross Site Scripting
* Backup Key Recovery 2.2.4 Denial Of Service

Exploit Database

* [dos] systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
* [webapps] Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
* [dos] NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
* [dos] NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
* [local] RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
* [local] Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)
* [dos] AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
* [webapps] osTicket 1.11 - Cross-Site Scripting / Local File Inclusion
* [dos] JioFi 4G M2S 1.0.2 - Denial of Service
* [webapps] JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
* [dos] Backup Key Recovery 2.2.4 - Denial of Service (PoC)
* [dos] HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
* [remote] Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow
* [local] VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
* [shellcode] Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
* [dos] Linux - 'page->_refcount' Overflow via FUSE
* [dos] Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
* [dos] systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit


Advisories

US-CERT Alerts & Bulletins

* AA19-024A: DNS Infrastructure Hijacking Campaign
* AA18-337A: SamSam Ransomware
* SB19-112: Vulnerability Summary for the Week of April 15, 2019
* SB19-105: Vulnerability Summary for the Week of April 8, 2019

Symantec - Latest List

* Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
* Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
* Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
* Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Windows LUAFV Driver CVE-2019-0836 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability
* Microsoft Windows MS XML CVE-2019-0793 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0795 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0792 Remote Code Execution Vulnerability
* Microsoft Internet Explorer VBScript Engine CVE-2019-0862 Remote Code Execution Vulnerability
* Microsoft Open Enclave SDK CVE-2019-0876 Information Disclosure Vulnerability
* Microsoft Windows MS XML CVE-2019-0791 Remote Code Execution Vulnerability
* Microsoft ASP.NET Core CVE-2019-0815 Denial of Service Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0739 Remote Memory Corruption Vulnerability
* Microsoft Edge CVE-2019-0833 Information Disclosure Vulnerability
* Microsoft Edge and Internet Explorer CVE-2019-0764 Tampering Security Bypass Vulnerability
* Microsoft Windows JET Database Engine CVE-2019-0879 Remote Code Execution Vulnerability
* Microsoft Windows VBScript Engine CVE-2019-0842 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0790 Remote Code Execution Vulnerability


Packet Storm Security - Latest List

* Ubuntu Security Notice USN-3956-1
  It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

* Ubuntu Security Notice USN-3955-1
  It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.

* Ubuntu Security Notice USN-3922-3
  USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

* Red Hat Security Advisory 2019-0886-01
  Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.

* Gentoo Linux Security Advisory 201904-25
  Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.0-r4 are affected.

* Gentoo Linux Security Advisory 201904-24
  Multiple vulnerabilities have been found in Ming, the worst of which could result in a Denial of Service condition. Versions less than 0.20181112 are affected.

* Red Hat Security Advisory 2019-0877-01
  Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

* Ubuntu Security Notice USN-3954-1
  It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication.

* Confluence Server / Data Center Path Traversal
  Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.

* Ubuntu Security Notice USN-3936-2
  USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

* Red Hat Security Advisory 2019-0868-01
  Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

* Red Hat Security Advisory 2019-0857-01
  Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

* Red Hat Security Advisory 2019-0856-01
  Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

* Red Hat Security Advisory 2019-0809-01
  OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.

* Ubuntu Security Notice USN-3922-2
  USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

* Red Hat Security Advisory 2019-0818-01
  The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

* Red Hat Security Advisory 2019-0831-01
  The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include bypass, denial of service, null pointer, and use-after-free vulnerabilities.

* Ubuntu Security Notice USN-3952-1
  Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.

* Ubuntu Security Notice USN-3953-1
  It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

* Ubuntu Security Notice USN-3951-1
  It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

* Red Hat Security Advisory 2019-0833-01
  The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

* Red Hat Security Advisory 2019-0832-01
  The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

* Red Hat Security Advisory 2019-0806-01
  Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

* Red Hat Security Advisory 2019-0796-01
  Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include database disclosure, denial of service, and traversal vulnerabilities.