Wednesday, October 7, 2015

VMware Updates Available

VMware has released security updates to patch a bunch of vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
- VMware vCenter Server 6.0 prior to version 6.0 update 1
- VMware vCenter Server 5.5 prior to version 5.5 update 3
- VMware vCenter Server 5.1 prior to version 5.1 update u3b
- VMware vCenter Server 5.0 prior to version 5.0 update u3e

Further information, including update instructions, can be found in VMware's security advisory.

PHP Versions 5.6.14 and 5.5.30 Released

The PHP development team has released versions 5.6.14 and 5.5.30 of the PHP scripting language. The new versions contain fixes for several vulnerabilities. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs can be viewed here.

Tuesday, September 29, 2015

Google Chrome Updated

Google have released version 45.0.2454.101 of their Chrome web browser. Among other bugs, two security issues (CVE-2015-1303, CVE-2015-1304) were fixed. More information about the changes is available on the Google Chrome Releases blog.

Thursday, September 24, 2015

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser to address a bunch of vulnerabilities, of which four are categorized as critical, five as high, nine as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 41
- Mozilla Firefox ESR earlier than 38.3

Links to the security advisories with details about addressed security issues:
- MFSA 2015-114 Information disclosure via the High Resolution Time API
- MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
- MFSA 2015-112 Vulnerabilities found through code inspection
- MFSA 2015-111 Errors in the handling of CORS preflight request headers
- MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
- MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
- MFSA 2015-108 Scripted proxies can access inner window
- MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
- MFSA 2015-106 Use-after-free while manipulating HTML media content
- MFSA 2015-105 Buffer overflow while decoding WebM video
- MFSA 2015-104 Use-after-free with shared workers and IndexedDB
- MFSA 2015-103 URL spoofing in reader mode
- MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
- MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
- MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
- MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
- MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
- MFSA 2015-97 Memory leak in mozTCPSocket to servers
- MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

The latest version can be obtained via the built-in updater or by downloading it from the product site.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player

- Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR SDK & Compiler and earlier versions should update to the Adobe AIR SDK & Compiler

- Users of Adobe AIR and earlier versions for Desktop Runtime should update to Adobe AIR

More information can be read from Adobe's security bulletin.

WordPress 4.3.1 Released

A new version of WordPress (a blogging tool and content management system) has been released. It contains fixes for security vulnerabilities among a bunch of other bug fixes.

Affected versions:
- WordPress versions earlier than 4.3.1

More information can be read from the WordPress blog.

Wednesday, September 16, 2015

Google Chrome Updated

Google have released version 45.0.2454.93 of their Chrome web browser. More information about the changes is available on the Google Chrome Releases blog.