Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is
approved by the CVE Editorial Board, which is comprised of leading representatives from
the information security community. CVE Numbering Authorities (CNAs) are major OS
vendors, security researchers, and research organizations that assign CVE Identifiers to
newly discovered issues without directly involving MITRE in the details of the specific
vulnerabilities, and include the CVE Identifiers in the first public disclosure of the
vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are
at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 11, 2016
-------------------------------------------------------
Contents:
1. CVE Program Status Update
2. Minutes from CVE Editorial Board Teleconference Meeting on April 21 Now Available
3. CVE Mentioned in Article about a Zero-Day Vulnerability in ImageMagick's Image
Processing Library on Softpedia
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Program Status Update
We continue to work diligently on expanding CVE assignment in ways that meet the needs
of all the various use cases of CVE. Towards that end, we have begun increasing the
number of organizations participating as CVE Numbering Authorities, or "CNAs" (see
https://cve.mitre.org/news/index.html#april222016_Juniper_Added_as_CVE_Numbering_Authori
ty_CNA).
We are also working closely with the CVE Editorial Board to define additional ways for
CNAs to enable CVE to expand its coverage.
Updates on our progress will continue to be posted to https://cve.mitre.org/ as soon as
they occur.
LINKS:
CNAs -
https://cve.mitre.org/cve/cna.html
CVE Editorial Board -
https://cve.mitre.org/community/board/
CVE-IDs -
https://cve.mitre.org/cve
Questions -
cve@mitre.org
---------------------------------------------------------------
Minutes from CVE Editorial Board Teleconference Meeting on April 21 Now Available
The CVE Editorial Board held a teleconference meeting on April 21, 2016. Read the
meeting minutes at https://cve.mitre.org/data/board/archives/2016-05/msg00004.html.
OTHER LINKS:
CVE Editorial Board -
https://cve.mitre.org/community/board/
CVE News page article -
https://cve.mitre.org/news/index.html#may42016_Minutes_from_CVE_Editorial_Board_Teleconf
erence_Meeting_on_April_21_Now_available
---------------------------------------------------------------
CVE Mentioned in Article about a Zero-Day Vulnerability in ImageMagick's Image
Processing Library on Softpedia
CVE is mentioned in a May 3, 2016 article entitled "ImageTragick Exploit Used in Attacks
to Compromise Sites via ImageMagick 0-Day" on Softpedia. The main topic of the article
is the May 3 announcement of "a vulnerability in the ImageMagick image processing
library deployed with countless Web servers, a zero-day which [the researchers who
discovered the issue] say has been used in live attacks."
CVE is mentioned when the author states: "Nicknamed ImageTragick and identified via the
CVE-2016-3714 vulnerability ID, the issue has a massive attack surface, since, alongside
the GD library, ImageMagick is one of the most used image processing toolkits around .
Mitigation instructions are available on ImageTragick's website."
Visit the CVE website page for CVE-2016-3714 at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714 to learn more about this
issue.
LINKS:
Softpedia article -
https://www.us-cert.gov/
CVE-IDs -
https://cve.mitre.org/cve
CVE News page article -
https://cve.mitre.org/news/index.html#may42016_CVE_Mentioned_in_Article_about_a_Zero_Day
_Vulnerability_in_ImageMagicks_Image_Processing_Library_on_Softpedia
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Mentioned in Article about 40 Android Vulnerabilities on SC Magazine
* CVE Mentioned in Article about Severe Vulnerabilities in Firefox 46 on Threatpost
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related
to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment