ASA-2019-00162 – Kubernetes: Security issue allows traffic to be processed by HostPort/portmap rather than by KUBE-SERVICES

A security issue was discovered with interactions between the CNI (Container Networking Interface) portmap plugin versions prior to 0.7.5 and Kubernetes. The CNI portmap plugin is embedded into Kubernetes releases so new releases of Kubernetes are required to fix this issue.

ASA-2019-00158 – GnuTLS: Use-after-free/double-free in certificate verification

A flaw was found in gnutls 3.5.8 or later. A use-after-free in multi-threaded-clients and a double-free vulnerability in single-threaded clients because _gnutls_x509_get_signature does not clear signature->data in the cleanup path.

ASA-2019-00157 – Barracuda: Privilege Escalation in VPN Client

The barracudavpn component of the Barracuda VPN Client prior to version for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.

ASA-2019-00156 – Linux kernel: Object fsnotify_mark refcount leak in inotify_update_existing_watch()

In the Linux kernel since commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()"), the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).

ASA-2019-00155 – Telegram: Internationalized domain name (IDN) homograph attacks

Telegram (tested on all mobile versions and Linux and Windows for desktop) is vulnerable to an IDN homograph attack when displaying messages containing URLs. Homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homograph, domain name. This type of vulnerability can be used to weaponize social engineering, increasing the chances for a successful attack.