Saturday, April 27, 2013
Microsoft Security Intelligence Report Volume 14 Released
Microsoft have released volume 14 of their Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. The report can be downloaded here.
Symantec Internet Security Threat Report vol 18
Symantec have published their Internet Security Threat Report, which highlights security-related developments from 2012 and looks ahead at upcoming security challenges. The report (in PDF format) can be downloaded here.
Thursday, April 18, 2013
Oracle Critical Patch Update For Q2 of 2013
Oracle have released updates for their products that fix 128 security issues in total. The updates are part of Oracle's quarterly Critical Patch Update (CPU).
A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.
The next Oracle CPU is planned for release in July 2013.
Java Security Updates From Oracle
Oracle have released an update for the Java JRE and JDK. The update fixes 42 vulnerabilities.
Affected versions are:
- Java 7 JRE and JDK update 17 and earlier
- Java 6 JRE and JDK update 43 and earlier
- Java 5.0 JRE and JDK update 41 and earlier
- JavaFX 2.2.7 and earlier
More information about the update can be found in the Java critical patch update document.
Java users are advised to update to the latest available version as soon as possible.
Tuesday, April 16, 2013
New Version Of VLC Player Available
The VideoLAN project has released a new version of their VLC media player. Version 2.0.6 contains a fix for a buffer overflow vulnerability in the ASF demuxer. By exploiting the vulnerability, an attacker may be able to execute arbitrary code on an affected system.
VLC Player versions prior to 2.0.6 are affected. Users of those versions should update to the latest version.
Thursday, April 11, 2013
Shockwave Player Update Available
Adobe have released an updated version of their Shockwave Player. The new version fixes three security vulnerabilities. The update is rated critical with a priority level of 1.
Users of Adobe Shockwave Player 12.0.0.112 and earlier should update to Adobe Shockwave Player 12.0.2.122.
More about the fixed vulnerabilities and other information can be found in Adobe's security bulletin.
Adobe Flash Player and Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.169
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.169
- Users of Adobe Flash Player 11.2.202.275 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.280
- Users of Adobe Flash Player 11.1.115.48 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.54 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.50 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Windows should update to Adobe AIR 3.7.0.1530
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.1530
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Android should update to Adobe AIR 3.7.0.1530
- Users of the Adobe AIR 3.6.0.6090 SDK should update to the Adobe AIR 3.7.0.1530 SDK
More information can be found in Adobe's security bulletin.
Microsoft Security Updates For April 2013
Microsoft have released security updates for April 2013. This month's update contains nine security bulletins, of which two are rated critical and seven important.
A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be found in the bulletin summary.
Wednesday, April 3, 2013
Mozilla Product Updates Released
Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a number of vulnerabilities, of which three are categorized as critical, four as high and four as moderate.
Affected products are:
- Mozilla Firefox earlier than 20.0
- Mozilla Firefox ESR earlier than 17.0.5
- Mozilla Thunderbird earlier than 17.0.5
- Mozilla Thunderbird ESR earlier than 17.0.5
- Mozilla SeaMonkey earlier than 2.17
Links to the security advisories with details about addressed security issues:
- MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
- MFSA 2013-39 Memory corruption while rendering grayscale PNG images
- MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
- MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
- MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
- MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
- MFSA 2013-34 Privilege escalation through Mozilla Updater
- MFSA 2013-33 World read and write access to app_tmp directory on Android
- MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
- MFSA 2013-31 Out-of-bounds write in Cairo library
- MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Fresh versions can be obtained via the built-in updater or by downloading from the product site:
- Firefox
- Thunderbird
- SeaMonkey