Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is
approved by the CVE Editorial Board, which is comprised of leading representatives from
the information security community. CVE Numbering Authorities (CNAs) are major OS
vendors, security researchers, and research organizations that assign CVE Identifiers to
newly discovered issues without directly involving MITRE in the details of the specific
vulnerabilities, and include the CVE Identifiers in the first public disclosure of the
vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are
at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 26, 2016
-------------------------------------------------------
Contents:
1. Distributed Weakness Filing Project Added as CVE Numbering Authority (CNA)
2. Minutes from CVE Editorial Board Teleconference Meeting on May 5 Now Available
3. CVE Mentioned in Article about a Critical Symantec Vulnerability on SC Magazine
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Distributed Weakness Filing Project Added as CVE Numbering Authority (CNA)
The Distributed Weakness Filing (DWF) Project is now a CVE Numbering Authority (CNA) for
open source software issues. CNAs are major OS vendors, security researchers, and
research organizations that assign CVE-IDs to newly discovered issues without directly
involving MITRE in the details of the specific vulnerabilities, and include the CVE-ID
numbers in the first public disclosure of the vulnerabilities.
CNAs are the main method for requesting a CVE-ID number. The following 24 organizations
currently participate as CNAs: Adobe; Apple; Attachmate; BlackBerry; CERT/CC; Cisco;
Debian GNU/Linux; Distributed Weakness Filing Project; EMC; FreeBSD; Google; HP; IBM;
ICS-CERT; JPCERT/CC; Juniper; Microsoft; MITRE (primary CNA); Mozilla; Oracle; Red Hat;
Silicon Graphics; Symantec; and Ubuntu Linux.
For more information about requesting CVE-ID numbers from CNAs, visit the CVE Numbering
Authorities page on the CVE website at https://cve.mitre.org/cve/cna.html.
LINKS:
DWF -
https://github.com/distributedweaknessfiling/DWF-Documentation
CNAs -
https://cve.mitre.org/cve/cna.html
CVE-ID numbers -
https://cve.mitre.org/cve/identifiers/index.html#defined
CVE List -
https://cve.mitre.org/cve/
CVE News page article -
https://cve.mitre.org/news/index.html#may242016_Distributed_Weakness_Filing_Project_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
Minutes from CVE Editorial Board Teleconference Meeting on May 5 Now Available
The CVE Editorial Board held a teleconference meeting on May 5, 2016. Read the meeting
minutes at http://cve.mitre.org/data/board/archives/2016-05/msg00019.html.
OTHER LINKS:
CVE Editorial Board -
https://cve.mitre.org/community/board/
CVE News page article -
https://cve.mitre.org/news/index.html#may182016_Minutes_from_CVE_Editorial_Board_Teleconference_Meeting_on_May_5_Now_Available
---------------------------------------------------------------
CVE Mentioned in Article about a Critical Symantec Vulnerability on SC Magazine
CVE is mentioned in a May 17, 2016 article entitled "Symantec's anti-virus engine
updated, flaw could cause Blue Screen of Death" on SC Magazine. The main topic of the
article is that Symantec Corporation "released an update to its anti-virus engine (AVE)
to repair a kernel-level flaw making the software susceptible to a memory access
violation when parsing a specifically-crafted portable-executable (PE) header file."
CVE is mentioned when the author states: "Symantec said the critical vulnerability,
CVE-2016-2208, affected Symantec anti-virus engine version 20151.1.0.32. These malformed
PE files do not require any user interaction to trigger the parsing of the malformed
files, but they can be received through email, downloading a document or application or
by visiting a malicious web site."
In addition, Symantec is a CVE Numbering Authority (CNA), assigning CVE-IDs for Symantec
issues. CNAs are major OS vendors, security researchers, and research organizations that
assign CVE-IDs to newly discovered issues without directly involving MITRE in the
details of the specific vulnerabilities, and include the CVE-ID numbers in the first
public disclosure of the vulnerabilities.
Visit the CVE Identifier page for CVE-2016-2208 at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208 to learn more about this
issue.
LINKS:
SC Magazine article -
http://www.scmagazine.com/symantecs-anti-virus-engine-updated-flaw-could-cause-blue-screen-of-death/article/496853/
CVE-IDs -
https://cve.mitre.org/cve
CNAs -
https://cve.mitre.org/cve/cna.html
CVE News page article -
https://cve.mitre.org/news/index.html#may182016_CVE_Mentioned_in_Article_about_a_Critical_Symantec_Vulnerability_on_SC_Magazine
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Identifier "CVE-2016-4117" Cited in Numerous Security Advisories and News Media
References about a Zero-Day Adobe Flash Vulnerability
* CVE Mentioned in Article about Apple Issuing Numerous Patches for iOS and OS X on
eWeek
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related
to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
Thursday, May 26, 2016
Wednesday, May 11, 2016
CVE Announce - May 11, 2016 (opt-in newsletter from the CVE Web site)
Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is
approved by the CVE Editorial Board, which is comprised of leading representatives from
the information security community. CVE Numbering Authorities (CNAs) are major OS
vendors, security researchers, and research organizations that assign CVE Identifiers to
newly discovered issues without directly involving MITRE in the details of the specific
vulnerabilities, and include the CVE Identifiers in the first public disclosure of the
vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are
at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 11, 2016
-------------------------------------------------------
Contents:
1. CVE Program Status Update
2. Minutes from CVE Editorial Board Teleconference Meeting on April 21 Now Available
3. CVE Mentioned in Article about a Zero-Day Vulnerability in ImageMagick's Image
Processing Library on Softpedia
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Program Status Update
We continue to work diligently on expanding CVE assignment in ways that meet the needs
of all the various use cases of CVE. Towards that end, we have begun increasing the
number of organizations participating as CVE Numbering Authorities, or "CNAs" (see
https://cve.mitre.org/news/index.html#april222016_Juniper_Added_as_CVE_Numbering_Authority_CNA).
We are also working closely with the CVE Editorial Board to define additional ways for
CNAs to enable CVE to expand its coverage.
Updates on our progress will continue to be posted to https://cve.mitre.org/ as soon as
they occur.
LINKS:
CNAs -
https://cve.mitre.org/cve/cna.html
CVE Editorial Board -
https://cve.mitre.org/community/board/
CVE-IDs -
https://cve.mitre.org/cve
Questions -
cve@mitre.org
---------------------------------------------------------------
Minutes from CVE Editorial Board Teleconference Meeting on April 21 Now Available
The CVE Editorial Board held a teleconference meeting on April 21, 2016. Read the
meeting minutes at https://cve.mitre.org/data/board/archives/2016-05/msg00004.html.
OTHER LINKS:
CVE Editorial Board -
https://cve.mitre.org/community/board/
CVE News page article -
https://cve.mitre.org/news/index.html#may42016_Minutes_from_CVE_Editorial_Board_Teleconference_Meeting_on_April_21_Now_available
---------------------------------------------------------------
CVE Mentioned in Article about a Zero-Day Vulnerability in ImageMagick's Image
Processing Library on Softpedia
CVE is mentioned in a May 3, 2016 article entitled "ImageTragick Exploit Used in Attacks
to Compromise Sites via ImageMagick 0-Day" on Softpedia. The main topic of the article
is the May 3 announcement of "a vulnerability in the ImageMagick image processing
library deployed with countless Web servers, a zero-day which [the researchers who
discovered the issue] say has been used in live attacks."
CVE is mentioned when the author states: "Nicknamed ImageTragick and identified via the
CVE-2016-3714 vulnerability ID, the issue has a massive attack surface, since, alongside
the GD library, ImageMagick is one of the most used image processing toolkits around.
Mitigation instructions are available on ImageTragick's website."
Visit the CVE website page for CVE-2016-3714 at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714 to learn more about this
issue.
LINKS:
Softpedia article -
https://www.us-cert.gov/
CVE-IDs -
https://cve.mitre.org/cve
CVE News page article -
https://cve.mitre.org/news/index.html#may42016_CVE_Mentioned_in_Article_about_a_Zero_Day_Vulnerability_in_ImageMagicks_Image_Processing_Library_on_Softpedia
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Mentioned in Article about 40 Android Vulnerabilities on SC Magazine
* CVE Mentioned in Article about Severe Vulnerabilities in Firefox 46 on Threatpost
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related
to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
