
Page 1: Weekly Awareness Report (WAR)… · 10/06/2019 · publicly provided original insights on Zebrocy and their characteristics for the first time, based on five years of research

06-10

Weekly Awareness Report (WAR)


June 10, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last 10 Malware

* Troj/Formboo-OH
* Troj/Dofoil-GA
* Troj/DocDl-UDM
* Troj/Autoit-CMU
* Troj/Autoit-CMS
* Troj/Autoit-CMR
* JS/Dwnldr-YER
* Troj/Inject-EFM
* JS/DwnLdr-YES
* Troj/Trickbo-RO

Last 10 PUAs

* DealPly Updater
* CrossRider
* OxyPumper
* SoftPulse
* Genieo
* Avanquest OneSafe PCCleaner
* Adposhel
* Android TiSPY tool
* XMRig Miner
* IStartSurfInstaller

Interesting News

* Zebrocy's Multilanguage Malware Salad

Zebrocy is a Russian-speaking APT that presents a strange set of stripes. Essentially, at our SAS2019 presentation, we publicly provided original insights on Zebrocy and their characteristics for the first time, based on five years of research and private reports on this group.

* We are currently working on our own Cyber Forensics Linux distribution, to be released at the beginning of August, called CSI Linux. We have an active Facebook Group and YouTube Channel; subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, subscribe at: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


News

Packet Storm Security

* Emuparadise Gaming Emulator Website Suffers Data Breach
* VLC Player Gets Patched For Two High Severity Bugs
* Shanghai Jiao Tong University Exposed 8.4TB Of Email Data
* TalkTalk Hacker Gets 4 Years Behind Bars
* The Politician Fighting The Spyware Industry
* Australian National University Hit By Huge Data Breach
* Huawei Ban: Full Timeline On How And Why Its Phones Are Under Fire
* Exim Command Execution Flaw Affects Millions Of Servers
* Warnings Of World-Wide Worm Attacks Are The Real Deal, New Exploit Shows
* Google Chrome 75 Rolls Out With 42 Security Fixes
* Platinum APT Hides Backdoor Communication In Text
* Remote Attack Flaw Found In IPTV Streaming Service
* US To Demand Five Years Of Your Social Media, Email Account Info In Your Visa Application
* MacOS Zero Day Allows Trusted Apps To Run Malicious Code
* Facebook Ordered By U.S. Judge To Turn Over Data Privacy Records
* Theta360 Leak Exposes 11 Million Photos, User Data
* New Attack Creates Ghost Taps On Modern Android Smartphones
* Irish Supreme Court Rejects Facebook Bid To Block ECJ Data Case
* 2.3B Files Exposed In A Year: A New Record For Misconfigs
* Just Over 100 Checkers And Rally's Hit With POS Malware
* Linux Backdoor Found In The Wild Escaped AV Detection
* Google Threatens To Delist Chrome Extensions Installed By Deceptive Tactics
* Hackers Actively Exploit WordPress Plugin Open Redirect Flaws
* Turla Turns PowerShell Into A Weapon In Attacks Against EU Diplomats
* Exposed Files Saw 50 Percent Uptick In Last Year

Dark Reading

* GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
* 'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation
* Unmixed Messages: Bringing Security & Privacy Awareness Together
* Black Hat USA Offers Fresh Perspectives on Enterprise Cybersecurity
* Dark Web Becomes a Haven for Targeted Hits
* Vulnerability Found in Millions of Email Systems
* Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
* End User Lockdown: Dark Reading Caption Contest Winners
* Learn the Latest Hacking Techniques at Black Hat Trainings Virginia
* The Minefield of Corporate Email
* Cisco Buys Sentryo
* Feds Make New Arrest in Darkode Case
* Senior Executives More Involved with SOC Operations, Report Finds
* ADT Teams Up with SonicWall for SMB Security Services
* 6 Security Scams Set to Sweep This Summer
* Cyber Talent Gap? Don't Think Like Tinder!
* Inside the Criminal Businesses Built to Target Enterprises
* When Security Goes Off the Rails


News

Krebs on Security

* LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
* Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware
* NY Investigates Exposure of 885 Million Mortgage Documents
* Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors
* Should Failing Phish Tests Be a Fireable Offense?
* First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
* Legal Threats Make Powerful Phishing Lures
* Account Hijacking Forum OGusers Hacked
* Feds Target $100M 'GozNym' Cybercrime Network
* A Tough Week for IP Address Scammers

The Hacker News

* Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
* Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
* New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
* CompTIA Certification Training — Get Online Courses @ 95% OFF
* Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
* Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
* Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions
* Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default
* Apple Launches Privacy-Focused 'Sign in with Apple ID' Feature at WWDC 2019
* macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

Security Week

* "MuddyWater" Cyberspies Update PowerShell Backdoor
* Critical Oracle WebLogic Vulnerability Exploited in Attacks
* Fighting Fraud With Threat Intelligence: Debunking Common Misconceptions
* GoldBrute Botnet Brute-Force Attacking RDP Servers
* The Dark Net, a Major Threat but Also a Resource
* China Telecom Routes European Traffic to Its Network for Two Hours
* Facebook to Cut off Huawei to Comply With U.S. Sanctions
* Spain Extradites 94 Taiwanese to China on Phone Scam Charges
* Attackers Piece Together Malicious Tools Used for Targeted Attacks
* OMB Publishes Memorandum on U.S. Federal Data Strategy
* Rail System Cybersecurity Firm Cylus Raises $12 Million
* Many iOS Developers Don't Use Encryption: Report
* Cisco to Acquire OT Security Firm Sentryo
* VMware Patches Vulnerabilities in Tools, Workstation
* macOS Catalina Brings Several Security Improvements
* Elastic to Acquire Endpoint Security Firm Endgame for $243 Million
* Several Vulnerabilities Found in Cisco Industrial Network Director
* Platinum Hackers Use Steganography to Mask C&C Communications
* Critical Vulnerabilities Lead to Account Takeover in Major IPTV Streamer
* Russia Effort in 2016 US Election Was 'Vast,' 'Professional'


News

Infosecurity Magazine

* Criminals Try to Schedule Spam in Google Calendar
* Data of 1m Users Lost in EmuParadise Breach
* Vectra Raises $100m in Series E Funding
* UK Taxpayers Overwhelmed with Phishing Scams
* Microsoft Warns of Campaign Exploiting 2017 Bug
* GoldBrute Campaign Brute Forces 1.6m RDP Servers
* Sextortion Scammers Pose as Corrupt CIA Agents
* New Adware Found in 200+ Google Play Apps
* Entrust Datacard Closes on Thales' nCipher Security
* Researchers Find 40,000+ Containers Exposed Online

Threat Post

* Mozilla Confirms Premium Firefox Browser With Security Features
* WordPress Sites Worldwide Hit with 'Call-Girl' Search-Engine Pollution
* How to Model Risk in an Apex Predator Cyber-World
* Microsoft Warns of Email Attacks Executing Code Using an Old Bug
* VLC Player Gets Patched for Two High-Severity Bugs
* Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover
* Forget BlueKeep: Beware the GoldBrute
* SandboxEscaper Debuts ByeBear Windows Patch Bypass
* News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety
* Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web

Naked Security

* Microsoft warns of time-travelling equation exploit - are you safe?
* The GoldBrute botnet is trying to crack open 1.5 million RDP servers
* Cryptocurrency attack thwarted by npm team
* Laptops used in 2016 NC poll to be examined by feds - after 2.5 years
* Online shops fear 2FA at checkout will increase abandoned carts
* Monday review - the hot 21 stories of the week
* Action required! Exim mail servers need urgent patching
* What's the best approach to patching vulnerabilities?
* Researchers eavesdrop on smartphone finger taps
* The FBI is sitting on more than 641m photos of people's faces

Quick Heal - Security Simplified

* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update
* What is Emotet?
* CVE-2019-0708 - A Critical "Wormable" Remote Code Execution Vulnerability in Windows RDP
* Miners snatching open source tools to strengthen their malevolent power!
* 5 ways to instantly detect a phishing email and save yourself from phishing attack
* PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC


Security Conferences

* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)

Tools & Techniques

* Faraday 3.8.0
* Stegano 0.9.4
* SQLMAP - Automatic SQL Injection Tool 1.3.6
* Bro Network Security Monitor 2.6.2
* GNU Privacy Guard 2.2.16
* Packet Fence 9.0.1
* OpenSSL Toolkit 1.1.1c
* Wireshark Analyzer 3.0.2
* GRR 3.3.0.0
* Flawfinder 2.0.9
* GhostDelivery : .VBS Script To Deliver Payload With Persistence
* ReverseTCPShell : PowerShell ReverseTCP Shell, Client & Server
* RIPVT : Virus Total API Maltego Transform Set For Canari
* PcapXray : Tool To Visualize A Packet Capture Offline
* IOCExtract : Advanced Indicator Of Compromise (IOC) Extractor
* VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting
* Facebash : Facebook Brute Forcer In Shellscript Using TOR
* Finshir : A Coroutines-Driven Low & Slow Traffic Sender
* Metabigor : Command Line Search Engines Without Any API Key
* AutoPwn : Automate Repetitive Tasks For Fuzzing

Latest Zone-H Website Defacements

* https://sisprev.saoluis.ma.gov.br/security/lang.tmp
* https://app.semad.saoluis.ma.gov.br/security/lang.tmp
* http://tirtayasa.serangkab.go.id/foto_berita/
* http://tanara.serangkab.go.id/foto_berita/
* http://siopel.serangkab.go.id/foto_download_kegiatan/
* http://sikasep.serangkab.go.id/foto_berita/
* http://disdik.serangkab.go.id/foto_agenda/
* http://inspektorat.serangkab.go.id/foto_info/
* http://ptlnt.gov.la//Back.html
* http://champasakpho.gov.la//Back.html
* http://laoembassybangkok.gov.la//Back.html
* http://laopermanentmission-jakarta.gov.la//Back.html
* http://xaysomboun.gov.la//Back.html
* http://dpt-hph.gov.la//Back.html
* http://ptbk.gov.la//Back.html
* http://ptlpb.gov.la//Back.html
* http://dpt-atp.gov.la//Back.html
* http://ptblkx.gov.la//Back.html
* http://ptcps.gov.la//Back.html


Proof of Concept (PoC) & Exploits

Packet Storm Security

* Wampserver 3.1.8 Cross Site Request Forgery
* Ubuntu 18.04 lxd Privilege Escalation
* UliCMS 2019.1 Cross Site Scripting
* Amcrest IPM-721S Credential Disclosure / Privilege Escalation
* Blipcare Clear Text Communication / Memory Corruption
* Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
* Securifi Almond 2015 Buffer Overflow / Command Injection / XSS / CSRF
* Starry Router Camera PIN Brute-Force / CORS Incorrect
* Microsoft Windows AppX Deployment Service Local Privilege Escalation
* Supra Smart Cloud TV Remote File Inclusion
* WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
* Zimbra XML Injection / Server-Side Request Forgery
* IBM Websphere Application Server Remote Code Execution
* LibreNMS addhost Command Injection
* Google Chrome WasmMemoryObject::Grow Use-After-Free
* Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting
* IceWarp 10.4.4 Local File Inclusion
* DVD X Player 5.5 Pro Local Buffer Overflow
* Cisco RV130W 1.0.3.44 Remote Stack Overflow
* NUUO NVRMini 2 3.9.1 Stack Overflow
* dotCMS 5.1.1 Open Redirection / Cross Site Scripting
* AUO Solar Data Recorder Incorrect Access Control

Exploit Database

* [shellcode] Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
* [local] Ubuntu 18.04 - 'lxd' Privilege Escalation
* [webapps] UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
* [local] Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
* [shellcode] Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
* [remote] Exim 4.87
* [local] Vim
* [local] Nvidia GeForce Experience Web Helper - Command Injection
* [webapps] Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
* [remote] LibreNMS - addhost Command Injection (Metasploit)
* [remote] IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
* [dos] Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
* [webapps] Zimbra
* [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
* [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
* [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
* [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
* [local] DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)


Advisories

US-Cert Alerts & Bulletins

* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* SB19-161: Vulnerability Summary for the Week of June 3, 2019
* SB19-154: Vulnerability Summary for the Week of May 27, 2019

Symantec - Latest List

* Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability
* Microsoft Internet Explorer CVE-2019-0995 Security Bypass Vulnerability
* Microsoft Internet Explorer and Edge CVE-2019-0940 Remote Memory Corruption Vulnerability
* Microsoft Edge CVE-2019-0938 Remote Privilege Escalation Vulnerability
* Microsoft SharePoint Server CVE-2019-0956 Information Disclosure Vulnerability
* Microsoft Azure Active Directory Connect CVE-2019-1000 Remote Privilege Escalation Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0937 Remote Memory Corruption Vulnerability
* Microsoft Office Access Connectivity Engine CVE-2019-0945 Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0933 Remote Memory Corruption Vulnerability
* Microsoft SharePoint Server CVE-2019-0949 Spoofing Vulnerability
* Microsoft Internet Explorer CVE-2019-0930 Information Disclosure Vulnerability
* Microsoft SharePoint Server CVE-2019-0952 Remote Code Execution Vulnerability
* Microsoft Internet Explorer CVE-2019-0929 Remote Memory Corruption Vulnerability
* Microsoft SharePoint Server CVE-2019-0958 Remote Privilege Escalation Vulnerability
* Microsoft SharePoint Server CVE-2019-0957 Remote Privilege Escalation Vulnerability
* Microsoft .NET CVE-2019-0820 Denial of Service Vulnerability
* Microsoft SharePoint Server CVE-2019-0950 Spoofing Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0927 Remote Memory Corruption Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability
* Microsoft Edge CVE-2019-0926 Remote Memory Corruption Vulnerability
* Microsoft Windows GDI Component CVE-2019-0882 Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0925 Remote Memory Corruption Vulnerability
* Microsoft Word CVE-2019-0953 Remote Code Execution Vulnerability
* Microsoft SQL Server CVE-2019-0819 Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0924 Remote Memory Corruption Vulnerability


Packet Storm Security - Latest List

* Red Hat Security Advisory 2019-1423-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass and cross site scripting vulnerabilities.
* Red Hat Security Advisory 2019-1422-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The atomic-openshift-web-console package provides the management console for OpenShift Container Platform. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1421-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.1, and includes bug fixes and enhancements. Issues addressed include a cross site scripting vulnerability.
* Red Hat Security Advisory 2019-1424-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.1, and includes bug fixes and enhancements. Issues addressed include a cross site scripting vulnerability.
* Red Hat Security Advisory 2019-1419-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.1, and includes bug fixes and enhancements. Issues addressed include a cross site scripting vulnerability.
* Red Hat Security Advisory 2019-1420-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.1, and includes bug fixes and enhancements. Issues addressed include a cross site scripting vulnerability.
* Ubuntu Security Notice USN-4013-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
* Ubuntu Security Notice USN-4012-1 - It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service.
* Debian Security Advisory 4458-1 - A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP server, leading to denial of service or potentially the execution of arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
* Debian Security Advisory 4457-1 - Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers.
* Moxa AWK-3121 1.14 Information Disclosure / Command Execution - Moxa AWK-3121 version 1.14 devices suffer from authentication bypass, code execution, cross site scripting, and information leakage vulnerabilities.
* RetireJS CORS Issue / Script Execution - RetireJS was scanned with itself and found to contain multiple vulnerabilities.
* Exim 4.9.1 Remote Command Execution - Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.
* Debian Security Advisory 4454-2 - Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.
* Gentoo Linux Security Advisory 201906-01 - A vulnerability in Exim could allow a remote attacker to execute arbitrary commands. Versions less than 4.92 are affected.
* Red Hat Security Advisory 2019-1400-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol.
* Red Hat Security Advisory 2019-1399-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7.
* Red Hat Security Advisory 2019-1398-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7.
* Ubuntu Security Notice USN-4011-2 - USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. Various other issues were also addressed.
* Ubuntu Security Notice USN-4011-1 - Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox.
* Ubuntu Security Notice USN-4008-3 - USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. Various other issues were also addressed.
* Ubuntu Security Notice USN-3991-2 - USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. Multiple security issues were discovered in Firefox.
* Ubuntu Security Notice USN-3957-3 - USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated package contains bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
* Ubuntu Security Notice USN-4009-2 - USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly decoded certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.