Hello, welcome to the Monday, November 23rd, 2020 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Here in the United States, this week, of course, is Thanksgiving week with that no podcast on Thursday and Friday and likely shorter podcast the other days

because it tends to be sort of a little bit slow newsweek.

And Thanksgiving 2000, so about 20 years ago, was actually the weekend where I wrote the first

version of De Hilton made it live the week after.

So to celebrate this, we'll do another Raspberry Pi giveaway this week.

What you'll have to do is go to the show notes page and there is a link to a quick survey.

Two questions and the third question is then your email address.

So if you would like to participate in the giveaway, just leave your email address.

And well, in security news, we have a VMware update to start out with.

It fixes a critical vulnerability in VMware ESXI and

Workstation as well as Fusion. This is approach escalation vulnerability that would

essentially allow an administrator of a virtual machine to run code on the host.

The vulnerable component here is the XHCI USB controller.

So for the ESXI folks who may have a harder time upgrading than some of the workstation

products, you have the option to just disable this USB controller,

which is probably not often really used.

And if you're one of the few organizations running IBM's DB2 database,

there is an update for you that fixes, first of all, DL hijacking vulnerability,

and then also a buffer overflow vulnerability that could be used by a local attacker to execute

code with root privileges, so it doesn't appear to be exploitable across the network,

...