Thursday, April 28, 2016

CVE Announce - April 28, 2016 (opt-in newsletter from the CVE Web site)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is
approved by the CVE Editorial Board, which is comprised of leading representatives from
the information security community. CVE Numbering Authorities (CNAs) are major OS
vendors, security researchers, and research organizations that assign CVE Identifiers to
newly discovered issues without directly involving MITRE in the details of the specific
vulnerabilities, and include the CVE Identifiers in the first public disclosure of the
vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are
at the end. Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/April 28, 2016
-------------------------------------------------------

Contents:

1. Juniper Added as CVE Numbering Authority (CNA)
2. New CVE Editorial Board Member for US-CERT
3. Two CVE Identifiers Cited in Numerous Security Advisories and News Media References
about the "Badlock" Vulnerability
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Juniper Added as CVE Numbering Authority (CNA)

Juniper Networks, Inc. is now a CVE Numbering Authority (CNA) for Juniper issues only.
CNAs are major OS vendors, security researchers, and research organizations that assign
CVE-IDs to newly discovered issues without directly involving MITRE in the details of
the specific vulnerabilities, and include the CVE-ID numbers in the first public
disclosure of the vulnerabilities.

CNAs are the main method for requesting a CVE-ID number. The following 23 organizations
currently participate as CNAs: Adobe; Apple; Attachmate; BlackBerry; CERT/CC; Cisco;
Debian GNU/Linux; EMC; FreeBSD; Google; HP; IBM; ICS-CERT; JPCERT/CC; Juniper;
Microsoft; MITRE (primary CNA); Mozilla; Oracle; Red Hat; Silicon Graphics; Symantec;
and Ubuntu Linux.

For more information about requesting CVE-ID numbers from CNAs, visit the CVE Numbering
Authorities page on the CVE website at https://cve.mitre.org/cve/cna.html.

LINKS:

CNAs -
https://cve.mitre.org/cve/cna.html

CVE-ID numbers -
https://cve.mitre.org/cve/identifiers/index.html#defined

CVE List -
https://cve.mitre.org/cve/

CVE News page article -
https://cve.mitre.org/news/index.html#april222016_Juniper_Added_as_CVE_Numbering_Authority_CNA

---------------------------------------------------------------
New CVE Editorial Board Member for US-CERT

Tom Millar of US-CERT has joined the CVE Editorial Board.

Read the full announcement and welcome message in the CVE Editorial Board email
discussion list archive at
https://cve.mitre.org/data/board/archives/2016-04/msg00011.html.

LINKS:

US-CERT -
https://www.us-cert.gov/

CVE Editorial Board -
https://cve.mitre.org/community/board/

CVE News page article -
https://cve.mitre.org/news/index.html#april222016_New_CVE_Editorial_Board_Member_for_US_CERT

---------------------------------------------------------------
Two CVE Identifiers Cited in Numerous Security Advisories and News Media References
about the "Badlock" Vulnerability

Two CVE Identifiers - CVE-2016-0128 and CVE-2016-2118 - are cited in numerous major
advisories, posts, and news media references related to the "Badlock" vulnerability,
including the following examples:

https://nakedsecurity.sophos.com/2016/04/12/badlock-revealed-probably-not-as-bad-as-you-thought/

http://www.computerworld.com/article/3055917/security/microsoft-samba-badlock-flaw-not-critical-but-serious-enough.html

http://www.infoworld.com/article/3055572/security/dont-let-badlock-distract-you-from-real-vulnerabilities.html

https://threatpost.com/badlock-vulnerability-falls-flat-against-its-hype/117349/

http://www.networkworld.com/article/3054645/security/microsoft-rated-6-of-13-security-updates-as-critical-badlock-bug-fix-rated-important.html

http://www.eweek.com/security/badlock-flaw-disclosed-as-microsoft-issues-13-security-advisories.html

http://www.theregister.co.uk/2016/04/12/badlock_bug_windows_samba/

http://news.softpedia.com/news/microsoft-patches-overhyped-badlock-vulnerability-502887.shtml

http://www.itpro.co.uk/security/26347/microsofts-patch-tuesday-deals-with-badlock-bug

http://www.infosecurity-magazine.com/news/patch-tuesday-badlock-bulletin/

http://www.darkreading.com/vulnerabilities---threats/badlock-bug-declared-a-bust--but-patch-anyway/d/d-id/1325083

http://blog.trendmicro.com/trendlabs-security-intelligence/how-bad-is-badlock/

Other news articles may be found by searching on "CVE-2016-0128" and "CVE-2016-2118"
using your preferred search engine. Also, the CVE Identifier pages
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0128 and
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118 include lists of advisories
used as references.

ADDITIONAL INFORMATION:

CVE-IDs -
https://cve.mitre.org/cve

News page Article -
https://cve.mitre.org/news/index.html#april222016_Two_CVE_Identifiers_Cited_in_Numerous_Security_Advisories_and_News_Media_References_about_the_Badlock_Vulnerability

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE Mentioned in Article about Four Vulnerabilities Used in Ransomware Attacks on Dark
Reading

Read these stories and more news at https://cve.mitre.org/news.

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related
to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).

For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.