DSA-4115 quagga – security update

Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: More info: https://www.debian.org/security/2018/dsa-4115

Processor Speculative Execution Research Disclosure

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754. Update As Of: 2018/02/05 4:30 PM PST. This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux configuration on or after January 13th, 2018 will automatically include the updated package, which incorporates the latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon More info: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

Greetings from the VMware Security Response Center! We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have removed CVE-2017-5715 from the advisory. The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities. Because CVE-2017-5753 (Meltdown) is […] More info: https://blogs.vmware.com/security/2018/02/vmsa-2018-0007-1-vmware-virtual-appliance-updates-address-side-channel-analysis-due-speculative-execution.html

DSA-4113 libvorbis – security update

Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed. More info: https://www.debian.org/security/2018/dsa-4113

DSA-4114 jackson-databind – security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. More info: https://www.debian.org/security/2018/dsa-4114
