Container Security Issue (CVE-2019-5736)

February 11, 2019 11:00 PM PST

CVE Identifier: CVE-2019-5736

AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is required to address this issue.

Amazon Linux: An updated version of Docker (docker-18.06.1ce-7.amzn2) is available for Amazon Linux 2 extras repositories and Amazon Linux AMI 2018.03 repositories (ALAS-2019-1156). AWS recommends

More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-002/

DSA-4390 flatpak – security update

It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of apply_extra scripts which could potentially result in privilege escalation. More info: https://www.debian.org/security/2019/dsa-4390

RHSA-2019:0349-2: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019

Red Hat Enterprise Linux: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2019-0657 More info: http://rhn.redhat.com/errata/RHSA-2019-0349.html

RHSA-2019:0348-1: Important: flash-plugin security update

Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2019-7090 More info: http://rhn.redhat.com/errata/RHSA-2019-0348.html

OpenSSH vulnerability CVE-2010-5107

Security Advisory Description: The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP ... More info: https://support.f5.com/csp/article/K14741

Why Does Mozilla Maintain Our Own Root Certificate Store?

Mozilla maintains a database containing a set of “root” certificates that we use as “trust anchors”. This database, commonly referred to as a “root store”, allows us to determine which Certificate Authorities (CAs) can issue SSL/TLS certificates that are trusted … The post Why Does Mozilla Maintain Our Own Root Certificate Store? appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/
