OpenSSH client vulnerability CVE-2020-14145

Security Advisory Description: The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak ... More info: https://support.f5.com/csp/article/K48050136?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2020-10757

Security Advisory Description: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. More info: https://support.f5.com/csp/article/K05617914?utm_source=f5support&utm_medium=RSS

[v3] Processor Speculative Execution Research Disclosure

You are viewing a previous version of this security bulletin. For the most current version please visit: "Processor Speculative Execution Research Disclosure". Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of: 2018/01/05 13:30 PST This is an update for this issue. Amazon EC2 All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. Customers’ instances are protected against these threats from other More info: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v3/

[v2] Processor Speculative Execution Research Disclosure

You are viewing a previous version of this security bulletin. For the most current version please visit: "Processor Speculative Execution Research Disclosure". Update As Of: 2017/01/04 15:30 PST This is an update to this issue. Amazon EC2 All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. Customers’ instances are protected against these threats from other instances. We have not observed meaningful performance More info: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v2/

[v1] Processor Speculative Execution Research Disclosure

You are viewing a previous version of this security bulletin. For the most current version please visit: "Processor Speculative Execution Research Disclosure". 2018/01/03 14:45 PST AWS is aware of recently disclosed research regarding side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM More info: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v1/

Gmail Accounts Accessed by EC2 IPs

July 13, 2010 Some Gmail users have noticed that their Gmail accounts have been accessed by systems whose IP addresses resolve to an IP address block in use by Amazon Elastic Compute Cloud (Amazon EC2). Amazon Web Services (AWS) has investigated several of these complaints; finding them to be cases where an end user implicitly granted third-party access to their Gmail account. A typical example: a user signs up for a social networking site which offers the option to import the user’s More info: https://aws.amazon.com/security/security-bulletins/gmail-accounts-accessed-by-ec2-ips/

SSL and TLS Renegotiation Vulnerabilities

December 03, 2009 December 3, 2009 — AWS has completed a set of updates to its web sites, applications and service APIs to mitigate risks from the SSL and TLS renegotiation vulnerabilities previously reported. There is no impact to customers and no action is required. Customers may optionally consider updating their own systems with any applicable patches to ensure they mitigate against all possible risks from these SSL and TLS vulnerabilities. November 7, 2009 — Security More info: https://aws.amazon.com/security/security-bulletins/ssl-and-tls-renegotiation-vulnerabilities/

MS15-078 Advisory

2015/07/21 - 12:35 PM PST - Update AWS Elastic Beanstalk We have updated all Elastic Beanstalk Windows containers per MS15-JULY, as described at https://technet.microsoft.com/en-us/library/security/ms15-jul.aspx. Steps to migrate your existing environment to the updated version: 1. Log in to the AWS Management Console and select Elastic Beanstalk from the list of services. 2. Find the application you want to migrate and then click the Action button next to the application name. 3. In the More info: https://aws.amazon.com/security/security-bulletins/ms15-078-advisory/

Morto Worm Spreading via Remote Desktop Protocol

August 31, 2011 A new Internet worm has been reported that spreads via Microsoft's Remote Desktop Protocol (RDP). This worm scans an infected host's subnet for other hosts running RDP and attempts access to them using a pre-configured set of user names (including "administrator") and passwords. According to Microsoft, this worm can be remotely controlled and updated, such that infected hosts may be ordered to perform denial-of-service attacks or other functions. Because of this, the More info: https://aws.amazon.com/security/security-bulletins/morto-worm-spreading-via-remote-desktop-protocol/

XSA Security Advisory CVE-2015-3456

2015/05/13 - 5:20 AM PDT We are aware of the QEMU security issue assigned CVE-2015-3456, also known as "VENOM," which impacts various virtualized platforms. There is no risk to AWS customer data or instances. Information on the Xen-specific advisory can be found below: Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive http://xenbits.xen.org/xsa/advisory-133.html More info: https://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/