
Security updates issued for VMware, Samba, Internet Key Exchange, and Linux

US-CERT announced updates and patches for VMware, Samba, Internet Key Exchange, and the Linux kernel to address a host of vulnerabilities.

The VMware security updates fixed vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances that, if exploited, could allow an attacker to obtain sensitive information, according to an August 14 advisory.

The Samba Team released security updates to address several vulnerabilities that, if exploited, could allow threat actors to gain control of an affected system.

“NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, and CVE-2018-1140 and apply the necessary updates,” the Samba advisory said.

Updates were also released for Internet Key Exchange v1 to address a vulnerability in its main mode that, if exploited, could lead to offline dictionary or brute force attacks allowing an attacker to recover a weak Pre-Shared Key. To address the issue, researchers recommend users implement cryptographically secure PSK values that resist brute force or dictionary attacks.
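One way to act on the PSK recommendation above, shown as an added example that is not from US-CERT, the researchers, or this article: generate the key from the operating system's CSPRNG and audit existing keys for dictionary words and a small search space. The 128-bit floor, the sample wordlist, and all function names are assumptions of this example.

```python
import base64
import math
import secrets
import string

MIN_BITS = 128  # assumed policy floor for this example, not a figure from the advisory

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "vpn", "secret", "letmein", "company"}


def generate_psk(nbytes=32):
    """Return a PSK drawn from the OS CSPRNG (32 bytes = 256 bits), base64-encoded."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def search_space_bits(psk):
    """Upper bound on brute-force cost: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    pool = sum(len(c) for c in classes if any(ch in c for ch in psk))
    if any(ch not in string.ascii_letters + string.digits for ch in psk):
        pool += 33  # 32 ASCII punctuation characters plus space
    return len(psk) * math.log2(pool) if pool > 1 else 0.0


def dictionary_hit(psk, wordlist=SAMPLE_WORDLIST):
    """True if the PSK is a wordlist entry once lowercased and stripped of trailing digits/symbols."""
    core = psk.lower().rstrip(string.digits + string.punctuation)
    return core in wordlist


def audit_psk(psk, wordlist=SAMPLE_WORDLIST):
    """Return a list of findings; an empty list means no weakness was detected by these checks."""
    findings = []
    if dictionary_hit(psk, wordlist):
        findings.append("dictionary")
    if search_space_bits(psk) < MIN_BITS:
        findings.append("low-entropy")
    return findings


if __name__ == "__main__":
    for candidate in ("Password123!", "vpn2018", generate_psk()):
        print(repr(candidate), audit_psk(candidate) or "ok")
```

The search-space figure is an upper bound on the typed string, so a key that passes it can still be weak if it was chosen by a person rather than generated randomly.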

Researchers also announced patches for Linux systems. Various vulnerabilities in IP fragmentation have left Linux kernel versions 3.9+ vulnerable to denial of service attacks in which low rates of specially crafted IP fragments target IP fragment re-assembly.

Patches have been made available from OS vendors, and those who are unable to apply the patch should mitigate their systems by changing the default values or reverting the commit.
