Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Multiple enterprise vendors fix security bugs: Patch Tuesday - Week 2, February 2019

The AchieVer

By The AchieVer
in Security & Privacy News

Recommended Posts

The AchieVer

The AchieVer

Posted
Posted

Multiple enterprise vendors fix security bugs: Patch Tuesday - Week 2, February 2019

 

boardroom,book,business,change,communication,computer,conference,corporate,daily,device,digital,electronic,inform,information,interface,internet,journalism,laptop,latest,meeting,mobile,mobility,modern,monitor,network,new,no,notebook,office,online,people,press,publication,report,software,technology,update,updated,updating,upgrade,web,webpage,website,wood,wooden,workplace,workspace
 

Cisco

Cisco has released three security advisories to fix major flaws in its products. They are described below.

  1. Cisco Webex Meetings Online Content Injection Vulnerability - This vulnerability allowed remote attackers to inject arbitrary text into a user’s browser when using Cisco Webex. 
  2. Container Privilege Escalation Vulnerability Affecting Cisco Products : February 2019 - runc CLI tool used by certain Cisco products carried a vulnerability which allowed attackers to execute malicious files in containers leading to a privilege escalation attack.
  3. Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products : August 2018 - This Linux kernel vulnerability would let attackers conduct denial-of-service attacks.

IBM

The big blue company released a firmware update to fix vulnerabilities present in its Power Systems series. The vulnerability affected the Self Boot Engine component in P8 & P9 processors and could be exploited with malicious code to take down the processors’ functionality. 

The security bulletin released by IBM can be found here.

Ubuntu

Ubuntu released two security advisories this week to patch moderately severe vulnerabilities in the OS. The two advisories are as follows.

  1. USN-3891-1: systemd vulnerability - Vulnerability affected the systemd suite that can be crashed with a malicious D-Bus message. Ubuntu 18.10, 18.04 LTS & 16.04 LTS were the vulnerable versions.
  2. USN-3850-2: NSS vulnerabilities - Vulnerabilities concerned the Network Security Service(NSS) library. It could allow attackers to conduct cache-timing attacks. 

VMware

The virtualization software maker issued a security update to fix a descriptor vulnerability in runc container runtime. This flaw allows attackers to run arbitrary code in those products. Following are the products patched with the update. 

  1. VMware Integrated OpenStack with Kubernetes (VIO-K)
  2. VMware PKS (PKS)
  3. VMware vCloud Director Container Service Extension (CSE)
  4. vSphere Integrated Containers (VIC)

 

 

 

Source

Link to comment
Share on other sites
  • Views 354
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...