Mozilla have released updates to Firefox browser to address a bunch of vulnerabilities of which several categorized as critical and high.
Affected products are:
- Mozilla Firefox earlier than 49
- Mozilla Firefox earlier than ESR 45.4
Lists of fixed vulnerabilities:
- Security vulnerabilities fixed in Firefox 49
- Security vulnerabilities fixed in Firefox ESR 45.4
Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thursday, September 22, 2016
Sunday, September 18, 2016
VMware Updates Available
VMware has released security update to patch multiple vulnerabilities in their virtualization applications.
Affected versions:
- VMware Workstation Pro versions earlier than 12.5.0 on Windows platform
- VMware Player versions earlier than 12.5.0 on Windows platform
- VMware Tools versions earlier than 10.0.9 on Mac OS X platform
- VMware ESXi versions 6.0 and 5.5 and Fusion versions earlier than 8.5.0 include also vulnerable version of VMware Tools
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- VMware Workstation Pro versions earlier than 12.5.0 on Windows platform
- VMware Player versions earlier than 12.5.0 on Windows platform
- VMware Tools versions earlier than 10.0.9 on Mac OS X platform
- VMware ESXi versions 6.0 and 5.5 and Fusion versions earlier than 8.5.0 include also vulnerable version of VMware Tools
Further information including updating instructions can be read from VMware's security advisory.
Security Update Available for Adobe AIR SDK & Compiler
There has been released a new version of Adobe AIR SDK & Compiler. New version adds support for secure transmission of runtime analytics for AIR applications on Android (CVE-2016-6936).
Affected are Adobe AIR SDK & Compiler 22.0.0.153 and earlier versions on Windows and Macintosh.
More information from Adobe security bulletin.
Affected are Adobe AIR SDK & Compiler 22.0.0.153 and earlier versions on Windows and Macintosh.
More information from Adobe security bulletin.
Vulnerabilities Fixed In Adobe Digital Editions
Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes critical memory corruption vulnerabilities that may allow an attacker to execute arbitrary code in vulnerable system.
Affected versions are Adobe Digital Editions 4.5.1 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.2).
More information (including download instructions for new version) can be read from Adobe security bulletin.
Affected versions are Adobe Digital Editions 4.5.1 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.2).
More information (including download instructions for new version) can be read from Adobe security bulletin.
Labels:
adobe,
digital editions,
security,
update,
vulnerability
Adobe Flash Player Update Available
Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 22.0.0.211 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 23.0.0.162
- Users of Adobe Flash Player 11.2.202.632 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.635
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 22.0.0.211 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 23.0.0.162
- Users of Adobe Flash Player 11.2.202.632 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.635
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Wednesday, September 14, 2016
Google Chrome Updated
Google have released version 53.0.2785.113 of their Chrome web browser. Among other changes the new version contains also security vulnerability fixes. More information about changes in Google Chrome Releases blog.
Microsoft Security Updates For September 2016
Microsoft have released security updates for September 2016. This month update contains 14 security bulletins of which seven categorized as critical and also seven as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Vulnerabilities Fixed In Wireshark
There have been fixed vulnerabilities in Wireshark, free open source program for analyzing network protocols.
Vulnerable are 2.0.x versions 2.0.0-2.0.5
Non vulnerable version can be downloaded here.
More information can be read from the related advisories:
- wnpa-sec-2016-55
- wnpa-sec-2016-54
- wnpa-sec-2016-53
- wnpa-sec-2016-52
- wnpa-sec-2016-51
- wnpa-sec-2016-50
Vulnerable are 2.0.x versions 2.0.0-2.0.5
Non vulnerable version can be downloaded here.
More information can be read from the related advisories:
- wnpa-sec-2016-55
- wnpa-sec-2016-54
- wnpa-sec-2016-53
- wnpa-sec-2016-52
- wnpa-sec-2016-51
- wnpa-sec-2016-50
Thursday, September 8, 2016
Symantec Intelligence Report: August 2016
Symantec have published their Intelligence report that sums up the latest threat trends for August 2016.
The report can be viewed here.
The report can be viewed here.
WordPress 4.6.1 Released
There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.
Affected versions:
WordPress versions earlier than 4.6.1
More information can be read from the WordPress blog.
Affected versions:
WordPress versions earlier than 4.6.1
More information can be read from the WordPress blog.
Wednesday, September 7, 2016
Adobe ColdFusion Hotfix Available
Adobe have released updated versions of ColdFusion web application development platform. These hotfixes resolve an issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2016-4264).
Affected versions:
- ColdFusion 11: update 9 and earlier versions
- ColdFusion 10: update 20 and earlier versions
More information can be read from Adobe's security bulletin.
Affected versions:
- ColdFusion 11: update 9 and earlier versions
- ColdFusion 10: update 20 and earlier versions
More information can be read from Adobe's security bulletin.
Labels:
adobe,
coldfusion,
security,
update,
vulnerability
Saturday, September 3, 2016
Google Chrome Updated
Google have released versions 53.0.2785.89 (for Windows & Mac) and 53.0.2785.92 (for Linux) of their Chrome web browser. Among other changes the new version contains 33 security vulnerability fixes. More information about changes in Google Chrome Releases blog.
Subscribe to:
Posts (Atom)