Today VMware has released the following new security advisory: “VMSA-2018-0014 – VMware Horizon Client update addresses a privilege escalation vulnerability”. This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6964) in VMware Horizon Client for Linux. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on […]
More info:
https://blogs.vmware.com/security/2018/05/new-vmware-security-advisory-vmsa-2018-0014.html
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-3639
More info:
http://rhn.redhat.com/errata/RHSA-2018-1638.html
Europol and the World Economic Forum (WEF) have signed a Memorandum of Understanding (MoU) to establish a framework of mutual cooperation to foster a safer cyber environment for citizens, organizations and businesses.
The aim of this collaboration is to develop a more robust and resilient approach to global cybersecurity by promoting public-private partnerships. The WEF has recently launched a Global Centre for Cybersecurity together with Europol, where they will take part in joint efforts to improve the fight against cybercrime by sharing knowledge, experience and information on cyber threats.
Europol and the WEF will exchange expertise, such as, but not limited to, best practices, statistical data, technical information or cybercrime trends between the two parties, and will cooperate on implementing projects in areas of common interest.
More info:
Europol
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party could manipulate the parameters used by the browser when opened. This manipulation could set, for example, a proxy through which the network traffic could be intercepted for that particular execution.
More info:
https://www.debian.org/security/2018/dsa-4211
This update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update). For servers with AMD CPUs no microcode update is needed, please refer to https://xenbits.xen.org/xsa/advisory-263.html for further information.
More info:
https://www.debian.org/security/2018/dsa-4210
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
More info:
https://www.debian.org/security/2018/dsa-4209
Type: Vulnerability. Adobe Acrobat and Reader are prone to an unspecified security-bypass vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=104168&om_rssid=sr-advisories
Type: Vulnerability. Adobe Acrobat and Reader are prone to an unspecified arbitrary code-execution vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=104174&om_rssid=sr-advisories