Monday, April 30, 2012

PHP Versions 5.3.11 and 5.4.1 Out

The PHP development team has released versions 5.3.11 and 5.4.1 of the PHP scripting language. The new versions contain over 60 bug fixes, some of which are security related. All PHP users are advised to upgrade to the latest release of the corresponding branch.

More details about the 5.3.11 and 5.4.1 releases can be found in the official release announcement.

Sunday, April 29, 2012

Microsoft Security Intelligence Report Volume 12 Released

Microsoft has released volume 12 of its Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. The report can be downloaded here.

Saturday, April 28, 2012

Updates To Mozilla Products

Mozilla has released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address 14 vulnerabilities, of which seven are categorized as critical, four as high and three as moderate.
Affected products are:
- Mozilla Thunderbird earlier than 12.0
- Mozilla Thunderbird ESR earlier than 10.0.4
- Mozilla SeaMonkey earlier than 2.9
- Mozilla Firefox earlier than 12.0
- Mozilla Firefox ESR earlier than 10.0.4

Links to the security advisories with details about addressed security issues:
- MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
- MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
- MFSA 2012-31 Off-by-one error in OpenType Sanitizer
- MFSA 2012-30 Crash with WebGL content using textImage2D
- MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
- MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
- MFSA 2012-27 Page load short-circuit can lead to XSS
- MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
- MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
- MFSA 2012-24 Potential XSS via multibyte content processing errors
- MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
- MFSA 2012-22 use-after-free in IDBKeyRange
- MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
- MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
- Firefox
- Thunderbird
- SeaMonkey

Tuesday, April 24, 2012

WordPress 3.3.2 Released

A new version of WordPress has been released that contains fixes for security vulnerabilities.
More information can be found on the WordPress blog.

Thursday, April 19, 2012

Oracle Critical Patch Update For Q2 of 2012

Oracle has released updates for its products that fix 88 security issues in total. The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in July 2012.

Monday, April 16, 2012

Vulnerability In VMware Products

A vulnerability has been found in the VMware Tools component of VMware products. The vulnerability may lead to local privilege escalation on Windows-based guest operating systems. An attacker cannot exploit this vulnerability to break into the host machine itself.

Affected software versions are:
- Workstation 8.0.1 and earlier
- Player 4.0.1 and earlier
- Fusion 4.1.1 and earlier
- ESXi 5.0 prior to update ESXi500-201203102-SG
- ESXi 4.1 prior to update ESXi410-201201402-BG
- ESXi 4.0 prior to update ESXi400-201203402-BG
- ESXi 3.5 prior to update ESXe350-201203402-T-BG
- ESX 4.1 prior to update ESX410-201201401-SG
- ESX 4.0 prior to update ESX400-201203401-SG
- ESX 3.5 prior to update ESX350-201203402-BG

Instructions for updating to a non-vulnerable version can be found in the related security advisory.

Wednesday, April 11, 2012

Adobe Reader And Acrobat Security Updates

Adobe has released security updates to fix a number of critical vulnerabilities in its PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:
Series X (10.x):
- Adobe Reader 10.1.2 and earlier
- Adobe Acrobat 10.1.2 and earlier

Series 9.x:
- Adobe Reader 9.5 and earlier 9.x versions
- Adobe Acrobat 9.5 and earlier 9.x versions


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard and Pro
- Acrobat Pro Extended


More information about the fixed vulnerabilities can be found in Adobe's security bulletin.

Microsoft Security Updates For April 2012

Microsoft has released security updates for April 2012. This month's update contains six security bulletins, of which four are critical and two are important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.

Tuesday, April 10, 2012

Chrome Updates Released

Google has released a new version of its Chrome web browser. Version 18.0.1025.151 fixes 12 security vulnerabilities, of which seven are categorized as high, four as medium and one as low.

More information is available on the Google Chrome Releases blog.

After that version, Google released version 18.0.1025.152, which contains fixes for SSL issues (issue 118706) but may reintroduce issue 117371.

Thursday, April 5, 2012

ESET Global Threat Report for March 2012

ESET has released a report discussing global threats of March 2012.

Top 10 threats list (previous ranking in parentheses):

1. HTML/ScrInject.B (1.)
2. INF/Autorun (2.)
3. HTML/Iframe.B (3.)
4. Win32/Conficker (4.)
5. JS/Agent (90.)
6. JS/Iframe.AS (66.)
7. Win32/Sirefef (-)
8. Win32/Sality (8.)
9. Win32/Dorkbot (7.)
10. JS/Redirector (47.)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Sunday, April 1, 2012

New Chrome Version Available

Google has released a new version of its Chrome web browser. Chrome 18 contains some new features such as faster graphics (more about these here). Last but not least, the new version 18.0.1025.142 contains fixes for three high, five medium and one low categorized vulnerabilities.

More information is available on the Google Chrome Releases blog.