weekly awareness report (war)informationwarfarecenter.com/cir/archived/cyber_war...2019/06/24  · *...

06-24 Weekly Awareness Report (WAR)


Post on 25-May-2020



06-24

Weekly Awareness Report (WAR)


June 24, 2019

The Cyber Intelligence Report is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: last 10 Malware

* Troj/Godrop-J
* Linux/Mechbot-D
* Troj/Formboo-OR
* Troj/Stealer-TM
* Troj/Trickbo-RT
* Troj/PDFUri-HLT
* Troj/HTADl-GI
* Troj/DocDl-UJS
* Troj/MSIL-MKL
* Troj/MSIL-MKK

Last 10 PUAs

* Neoreklami
* IStartSurfInstaller
* Hacked DICOM
* Altnet
* Install Monster
* Bitcoin Miner
* Adposhel
* CUDA Miner
* XMRig Miner
* UPX Eclipse Layer

Interesting News

* Plurox: Modular backdoor

The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What's more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.

We are currently working on our own Cyber Forensics Linux distribution to be released at the beginning of August called CSI Linux. We have an active FaceBook Group and YouTube Channel, Subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, Subscribe at: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


News

Packet Storm Security

* Amazon Granted Patent For Surveillance Drones Service
* Anonymous Hacker Exposed After Dropping USB Drive While Throwing Molotov Cocktail
* U.S. Launched Cyberattacks On Iranian Intel Sites
* Presidential Warnings Easy To Spoof
* Facebook Usage Has Collapsed Since Scandals
* Nation-Sponsored Hackers Likely Carried Out Hostile Takeover Of Rival Group's Servers
* 78,0000 Prescriptions Left In Database With No Password
* Firefox Zero Day Was Used In Attack Against Coinbase Employees
* NASA's JPL Seems To Be Having A Hard Time With Security
* Iran Claims To Have Thwarted A US Cyber Espionage Operation
* Oracle Patches Another Actively Exploited WebLogic 0-Day
* John Deere's Promotional USB Drive Hijacks Your Keyboard
* Venmo Transaction Scraped In Privacy Warning To Consumers
* Facebook Launches Cryptocurrency To Shake Up Global Finance
* US And Russia Clash Over Power Grid Hack Attacks
* Smash GandCrab Tool Released To Decrypt Ransomware
* Hacker Conference Speaker Axed Over Abortion Views
* Exposed Database Dumps PII Of 1.6 Million Job Seekers
* Telegram DDoS Attack Launched Mostly From China
* U.S. Defense, Intelligence Ramps Up Efforts To Insert Malware In Russia's Grid
* Evernote Critical Flaw Opened Personal Data Of Millions To Attack
* Spirit Confirms ASCO Industries Cyberattack
* Symantec Plays Down Unreported Breach Of Test Data
* Julian Assange's Extradition Hearing Set For 2020
* 4 US Agencies Don't Properly Verify Your Data Due To The Equifax Breach

Dark Reading

* Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
* Cyber-Risks Hiding Inside Mobile App Stores
* Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities
* Pledges to Not Pay Ransomware Hit Reality
* Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
* Patrolling the New Cybersecurity Perimeter
* Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia
* Customers of 3 MSPs Hit in Ransomware Attacks
* Florida Town Pays $600K to Ransomware Operators
* 'Democratizing' Machine Learning for Fraud Prevention & Payments Intelligence
* Small Businesses May Not Be Security's Weak Link
* Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential
* 7 2019 Security Venture Fund Deals You Should Know
* Cybersecurity Accountability Spread Thin in the C-Suite
* The Hunt for Vulnerabilities
* Inside the FBI's Fight Against Cybercrime
* With GDPR's 'Right of Access,' Who Really Has Access?
* Critical Firefox Vuln Used in Targeted Attacks


Krebs on Security

* Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy
* Microsoft Patch Tuesday, June 2019 Edition
* LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
* Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware
* NY Investigates Exposure of 885 Million Mortgage Documents
* Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors
* Should Failing Phish Tests Be a Fireable Offense?
* First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
* Legal Threats Make Powerful Phishing Lures
* Account Hijacking Forum OGusers Hacked

The Hacker News

* OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
* PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
* Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
* This Cryptomining Malware Launches Linux VMs On Windows and macOS
* Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week
* Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
* Important Flaw in Outlook App for Android Affects Over 100 Millions Users
* MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases
* Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
* Gain the Trust of Your Business Customers With SOC 2 Compliance

Security Week

* Flaw in Outlook for Android Allows for Data Theft
* Protection Against Side-Channel Attacks Added to OpenSSH
* TrueFort Secures $13.7 Million in Series A Funding
* New Attack Delivers FlawedAmmyy RAT Directly in Memory
* Iran Denies Being Hit by US Cyber Attack
* Mac Malware Delivered via Firefox Exploits Analyzed
* WeTransfer Security Incident: File Transfer Emails Sent to Wrong People
* Ex-Senate Aide Sentenced to 4 Years in Prison for Data Leak
* U.S. Struck Iranian Military Computers This Week: AP Sources
* Report: Jet Propulsion Laboratory Hacked for 10 Months
* U.S. Launched Cyber Attacks on Iran After Drone Shootdown: Reports
* New Botnet Exploits Android Debug Bridge and SSH
* Data on Patients Taking Vascepa Prescription Medication Exposed
* macOS Crypto-Miner Emulates Linux
* Millions of Devices Exposed to Attacks Due to Flaw in PC-Doctor Software
* Massive Data Breach at Canada Credit Union Giant Desjardins
* UK Regulator Calls Out Compliance Failures in Targeted Advertising Industry
* Phishing Campaign Impersonates DHS Alerts
* Cloud Data Protection Firm Druva Raises $130 Million
* Mozilla Patches Second Firefox Zero-Day Used in Cryptocurrency Attacks


Infosecurity Magazine

* US Adds AMD Joint Venture to Entity List
* Phishing Attack Exposes PII on 645,000 Oregonians
* US Warns of Destructive Iranian Cyber-Attacks
* 66% of Homes in North America Have Multiple IoT Devices
* Dell Advises PC Users to Update SupportAssist
* Desjardins Insider Accessed Data of 2.9m Members
* NCSC Stresses 5G's Challenges Outweigh China Threat
* Warning Made on Cross-Platform Cryptominer
* High-Risk Vulnerabilities in iOS, Android Apps
* California Suffered Highest Number of Breaches

Threat Post

* Iran Targeting U.S. With Destructive Wipers, Warns DHS
* The Modern-Day Heist: IP Theft Techniques That Enable Attackers
* MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash
* Microsoft Outlook for Android Open to XSS Attacks
* Podcast: Dating App Privacy and NASA Cyberattack
* Mozilla Fixes Second Actively-Exploited Firefox Flaw
* Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
* Match, Tinder Swipe Right For Privacy Red Flags, Say Experts
* Post-Ransomware Attack, Florida City Pays $600K
* LoudMiner Cryptominer Uses Linux Image and Virtual Machines

Naked Security

* Mozilla patched two Firefox zero-day flaws in one week
* Mobile apps riddled with high-risk vulnerabilities, warns report
* Desjardins' employee from hell spills 2.9m records
* Facebook posts reveal your hidden illnesses, say researchers
* Monday review - the hot 20 stories of the week
* Microsoft uses AI to push Windows 10 upgrade to users
* Used Nest cams were letting previous owners spy on you
* Florida city will pay over $600,000 to ransomware attackers
* Government is exposing identities of child abuse victims
* Update Firefox now! Zero-day found in the wild

Quick Heal - Security Simplified

* Beware! Email attachments can make you victim of spear phishing attacks
* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update
* What is Emotet?
* CVE-2019-0708 - A Critical "Wormable" Remote Code Execution Vulnerability in Windows RDP


Security Conferences

* Free 6 Month Speaking Plan
* Free 6 Month Speaking Plan
* Free 6 Month Speaking Plan Questionnaire
* How To Speak At DEF CON
* Join Our LinkedIn Group

Tools & Techniques

* Falco 0.15.3
* Falco 0.15.2
* Hyperion Runtime Encrypter 2.0
* HiddenWall Linux Firewall
* Zed Attack Proxy 2.8.0 Cross Platform Package
* Falco 0.15.1
* Faraday 3.8.0
* Stegano 0.9.4
* SQLMAP - Automatic SQL Injection Tool 1.3.6
* Bro Network Security Monitor 2.6.2
* WhatBreach : OSINT Tool To Find Breached Emails & Databases
* BoomER : Framework For Exploiting Local Vulnerabilities
* Sliver : Implant Framework
* MozDef: Mozilla Enterprise Defense Platform
* URLextractor : Information Gathering & Website Reconnaissance
* BackBox : Tool To Perform Penetration Tests & Security Assessments
* GhostSquadHackers - Encrypt/Encode Your Javascript Code
* DNSlivery : Easy Files & Payloads Delivery Over DNS
* Seth : Perform A MitM Attack & Extract Clear Text Credentials From RDP Connections
* RDPScan : A Quick Scanner For "BlueKeep" Vulnerability

Latest Zone-H Website Defacements


Proof of Concept (PoC) & Exploits

Packet Storm Security

* WebERP 4.15 SQL Injection
* BlogEngine.NET 3.3.6 / 3.3.7 XML Injection
* Linux Race Condition Use-After-Free
* Tuneclone 2.20 SEH Buffer Overflow
* Koha Library Software 18.1106000 Open Redirection
* Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal
* Cisco Prime Infrastructure Runrshell Privilege Escalation
* BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution
* BlogEngine.NET 3.3.6 / 3.3.7 dirPath Directory Traversal / Remote Code Execution
* Sahi Pro 8.x Cross Site Scripting
* Sahi Pro 8.x SQL Injection
* Sahi Pro 7.x / 8.x Directory Traversal
* Serv-U FTP Server 15.1.6 Privilege Escalation
* Exim 4.91 Local Privilege Escalation
* Netperf 2.6.0 Buffer Overflow
* AROX School-ERP Pro Unauthenticated Remote Code Execution
* HC10 HC.Server Service 10.14 Remote Invalid Pointer Write
* Microsoft Word (2016) Deceptive File Reference
* Spring Security OAuth 2.3 Open Redirection
* Microsoft Windows UAC Protection Bypass
* RedwoodHQ 2.5.5 Authentication Bypass
* Clever Dog Smart Camera DOG-2W / DOG-2W-V4 File Disclosure / Backdoor

Exploit Database

* [dos] Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
* [dos] Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
* [webapps] GrandNode 4.40 - Path Traversal / Arbitrary File Download
* [dos] GSearch 1.0.1.0 - Denial of Service (PoC)
* [shellcode] Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
* [webapps] SeedDMS
* [webapps] SeedDMS
* [webapps] SeedDMS versions
* [webapps] dotProject 2.1.9 - SQL Injection
* [papers] Sony PlayStation Vita (PS Vita) - Trinity: PSP Emulator Escape
* [remote] EA Origin
* [papers] Threat Hunting - Hunter or Hunted
* [local] Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)
* [remote] Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
* [dos] Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
* [webapps] BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
* [webapps] WebERP 4.15 - SQL injection
* [local] Tuneclone 2.20 - Local SEH Buffer Overflow


Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* SB19-168: Vulnerability Summary for the Week of June 10, 2019
* SB19-161: Vulnerability Summary for the Week of June 3, 2019

Symantec - Latest List

* Microsoft Internet Explorer CVE-2019-0995 Security Bypass Vulnerability
* Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability
* Microsoft Windows CVE-2019-1064 Local Privilege Escalation Vulnerability
* Microsoft Windows Shell CVE-2019-1053 Local Privilege Escalation Vulnerability
* Microsoft Windows Installer CVE-2019-0973 DLL Loading Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0711 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0710 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0713 Remote Denial of Service Vulnerability
* Microsoft Windows Audio Service CVE-2019-1007 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1028 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1027 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1026 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1022 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1021 Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0709 Remote Code Execution Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0722 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-0977 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-0968 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1050 Information Disclosure Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0620 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-1049 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1048 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1047 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1046 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1016 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1015 Information Disclosure Vulnerability


Packet Storm Security - Latest List

Red Hat Security Advisory 2019-1580-01
Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

Ubuntu Security Notice USN-4027-1
Ubuntu Security Notice 4027-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Red Hat Security Advisory 2019-1579-01
Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.

Ubuntu Security Notice USN-4028-1
Ubuntu Security Notice 4028-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

Red Hat Security Advisory 2019-1571-01
Red Hat Security Advisory 2019-1571-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. A crash issue when parsing invalid base64 headers was addressed.

Red Hat Security Advisory 2019-1569-01
Red Hat Security Advisory 2019-1569-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. A crash issue when parsing invalid base64 headers was addressed.

Red Hat Security Advisory 2019-1578-01
Red Hat Security Advisory 2019-1578-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Arbitrary file read and write issues were addressed.

Ubuntu Security Notice USN-4026-1
Ubuntu Security Notice 4026-1 - It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Ubuntu Security Notice USN-4022-1
Ubuntu Security Notice 4022-1 - It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue execute a cross-site scripting attack.

Red Hat Security Advisory 2019-1553-01
Red Hat Security Advisory 2019-1553-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.90. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-4024-1
Ubuntu Security Notice 4024-1 - As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on parent directories of sensitive files.

Ubuntu Security Notice USN-4019-2
Ubuntu Security Notice 4019-2 - USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-4020-1
Ubuntu Security Notice 4020-1 - A type confusion bug was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

Ubuntu Security Notice USN-4021-1
Ubuntu Security Notice 4021-1 - Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

Ubuntu Security Notice USN-4019-1
Ubuntu Security Notice 4019-1 - It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

Kernel Live Patch Security Notice LSN-0052-1
Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-4018-1
Ubuntu Security Notice 4018-1 - It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. It was discovered that Samba incorrectly handled LDAP pages searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

Red Hat Security Advisory 2019-1545-01
Red Hat Security Advisory 2019-1545-01 - This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

Red Hat Security Advisory 2019-1543-01
Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2019-1518-01
Red Hat Security Advisory 2019-1518-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Multiple security issues have been addressed.

Red Hat Security Advisory 2019-1519-01
Red Hat Security Advisory 2019-1519-01 - The go-toolset:rhel8 module provides Go Toolset, a compiler toolset for building applications using the Go language and compiler suite. A CRLF injection vulnerability has been addressed.

Red Hat Security Advisory 2019-1529-01
Red Hat Security Advisory 2019-1529-01 - The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. An open redirection vulnerability among other things have been addressed.

Red Hat Security Advisory 2019-1517-01
Red Hat Security Advisory 2019-1517-01 - GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.

Red Hat Security Advisory 2019-1527-01
Red Hat Security Advisory 2019-1527-01 - The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. A weak permissions issue was addressed.