This week Cisco released security updates for five vulnerabilities found in its products. The flaws were mainly specific to Nexus switches and their software, NX-OS. The following are descriptions of the advisories in brief.
In addition, Cisco patched a critical vulnerability in its network monitoring tool CSPC. It was due to a default account in the tool that had a static password, which could allow attackers to gain unauthorized access to CSPC.
Nexus users are advised to update to the latest version of the software.
This week, Microsoft patched a vulnerability in its Azure Linux Agent platform. The flaw was reported to be a result of swap files created on resource disks. An attacker could view data in swap files, which is usually hidden. The update remedies the issue by addressing how swap information is handled.
Azure Linux Agent users can find the update here.
This month, Intel released security advisories covering a number of its software and firmware products. The bugs addressed in these advisories have been resolved with updates. The following is the list of advisories with brief descriptions:
Users are advised to update to the latest version of the software/firmware.
Ubuntu patched two security vulnerabilities this week. These flaws were mainly specific to software libraries in the OS. The advisories are described below:
- USN-3906-2: LibTIFF vulnerabilities - The LibTIFF library in Ubuntu 12.04 ESM could be made to crash or execute other programs on the system while handling an image. While earlier security advisories addressed multiple vulnerabilities, this one specifically focused on resolving the issue in Ubuntu 12.04 ESM.
- USN-3911-1: file vulnerabilities - Many vulnerabilities found in the ‘file’ tool could have caused a denial of service or an RCE attack. Affected versions are Ubuntu 18.10, 18.04 LTS and 16.04 LTS.
The issues can be resolved by updating to the latest version.
Security issues concerning two VMware products were addressed this month. The vulnerabilities were found in VMware Horizon and VMware Workstation.
- VMSA-2019-0003 - This advisory details an information disclosure flaw in the Connection Server of VMware Horizon. A successful attack on this component could reveal internal domain names or IP addresses. The update patches the flaw.
- VMSA-2019-0002 - This advisory highlights a functional issue in VMware Workstation that could lead to privilege escalation by an unauthorized user. The issue is fixed with an update for Windows workstations (Linux-based workstations were not affected).
The new version, WordPress 5.1.1, has over 14 fixes and enhancements. It resolves security issues pertaining to comments managed in the database, which could have led to cross-site scripting attacks through a WordPress post. Versions 5.1 and prior are affected by this issue.
Users can either download WordPress 5.1.1 here or update from the Dashboard section of WordPress.