-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1762
           Cross-site scripting vulnerabilities patched in MISP
                               14 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           MISP
Publisher:         MISP
Operating System:  Linux variants
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-11562 CVE-2018-11245

Original Bulletin:
   http://www.misp-project.org/2018/06/07/MISP.2.4.92.released.html

- --------------------------BEGIN INCLUDED TEXT--------------------

MISP - Open Source Threat Intelligence Platform & Open Standards For Threat
Information Sharing

MISP 2.4.92 released (aka performance improvement)

Posted 07 Jun 2018

A new version of MISP 2.4.92 has been released including aggressive
performance boosts, various improvements and bug fixes.

We received feedback from various users about the negative impact on
performance when the MISP warning-lists are enabled (a feature allowing the
detection and filtering of false positive attributes in MISP). The
performance hit incurred by enabling warning-lists has been reduced to such
an extent that enabling them will barely have any impact on performance when
viewing or browsing events. We hope this performance gain will increase the
overall adoption of the warning-lists.

A benchmarking tool has been added to the AppModel allowing us to easily
spot performance issues across the application. Aggregate execution time,
number of iterations and peaked memory usage can be easily spotted in order
to facilitate rapid and accurate profiling of the performance across the
various functionalities of MISP.

The API has been improved to allow objects to be added by template UUID and
version in addition to the local ID.

A new role permission to publish to the ZMQ pub-sub channel has been added
(as kindly requested by our favorite user, who regularly motivates us by
sending decapitated horse heads if we slack). This role allows
administrators to enable or disable ZMQ publishing per user.

The flash message system has been rewritten from scratch, providing a
cleaner approach that relies on bootstrap's internal flash messaging look
and feel, along with 3 different levels of notifications.

Allow hard deleting of attributes that were never published in order to
avoid the leaking of sensitive information via soft deleted attributes.

Two security vulnerabilities were fixed: CVE-2018-11245 and CVE-2018-11562.
Thanks to the reporters Jarek Kozluk from zbp.pl and Dawid Czarnecki. Don't
hesitate to contact us for reporting vulnerabilities, we love those
contributions.

The STIX 1 and STIX 2 exports and imports were migrated to Python 3 (don't
forget to update the dependencies). The STIX 1 export has port and been
improved to include additional objects such X.509 certificate custom and
MISP objects. The STIX 1 import has been improved for email, object whois,
and artifact objects along with tags via journal entries. The export. STIX 2
export has improved regkey object parsing, along with ip

The full change log is available here. PyMISP change log is also available.

A huge thanks to all the contributors who helped us to improve the software
and also all the participants in MISP training which always give intere

PyMISP has been also updated, boasting a more clever approach to timestamp
handling while updating MISP JSON files. The PyMISP documentation has been
updated PDF.

MISP standard Internet-Drafts have been updated and published.

MISP galaxy, objects and taxonomies were notably extended by many
contributors. These are also included by default in MISP. Don't forget to do
a git submodule update and update galaxies, objects and taxonomies via the
UI.

Don't forget that the MISP Threat Intelligence Summit 0x4 will take place
the Monday 15th October 2018 before hack.lu 2018. A Call-for-Papers is open
for the MISP Threat Intelligence Summit 0x4. We would be glad to see users,
contributors or organisations actively using MISP or/and threat intelligence
to share their experiences and presentation to the CfP.

Get In Touch

MISP is a community-driven project led by the community of users. You can
get in touch with the MISP core team at the following email:

info@misp-project.org

(c) MISP project. Software released under the AGPL license and content
released as CC-BY-SA.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----