Mozilla have released updated versions of Firefox browser to address security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than 63 (advisory)
- Mozilla Firefox earlier than ESR 60.3 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Tuesday, October 30, 2018
Sunday, October 21, 2018
Vulnerability In Yammer Fixed
Microsoft has released a new version of Yammer desktop application. New version fixes a remote code execution vulnerability (CVE-2018-8569). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.
More information in related security advisory.
More information in related security advisory.
New Drupal Version Available
There have been released new versions of open-source content management framework Drupal. New versions fix multiple vulnerabilities.
Affected versions:
Drupal core 7.x versions prior to 7.60
Drupal core 8.6.x versions prior to 8.6.2
Drupal core 8.5.x versions prior to 8.5.8
More information in Drupal security advisory.
Affected versions:
Drupal core 7.x versions prior to 7.60
Drupal core 8.6.x versions prior to 8.6.2
Drupal core 8.5.x versions prior to 8.5.8
More information in Drupal security advisory.
VMware Updates Available
VMware has released security updates to patch an out-of-bounds read vulnerability (CVE-2018-6974) in their virtualization applications. The vulnerability may allow a guest to execute arbitrary code on the host.
Affected versions:
- VMware ESXi 6.7 without ESXi670-201810101-SG patch
- VMware ESXi 6.5 without ESXi650-201808401-BG patch
- VMware ESXi 6.0 without ESXi600-201808401-BG patch
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.3
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.3
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- VMware ESXi 6.7 without ESXi670-201810101-SG patch
- VMware ESXi 6.5 without ESXi650-201808401-BG patch
- VMware ESXi 6.0 without ESXi600-201808401-BG patch
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.3
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.3
Further information including updating instructions can be read from VMware's security advisory.
Oracle Critical Patch Update For Q4 of 2018
Oracle have released updates for their products that fix 301 security issues (including 12 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in January 2019.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in January 2019.
Thursday, October 18, 2018
Symantec Intelligence Report: September 2018
Symantec have published their Intelligence report that sums up the latest threat trends for September 2018.
The report can be viewed here.
The report can be viewed here.
Google Chrome Updated
Google have released a version 70.0.3538.67 of their Chrome web browser. New version contains fixes to 23 security vulnerabilities. More information about changes in Google Chrome Releases blog.
Saturday, October 13, 2018
New Version Of iCloud For Windows Released
Apple have released version 7.7 of their iCloud client for Windows. New version fixes security vulnerabilities.
More information about the security content of iCloud for Windows 7.7 can be read from related security advisory.
Users of old versions should update to the latest one available here.
More information about the security content of iCloud for Windows 7.7 can be read from related security advisory.
Users of old versions should update to the latest one available here.
Adobe Technical Communications Suite Updated
Adobe has released an updated version of their Technical Communications Suite. Successful exploitation of the vulnerability may lead to privilege escalation.
Affected are versions 1.0.5.1 and below.
More information from the Adobe's security advisory.
Affected are versions 1.0.5.1 and below.
More information from the Adobe's security advisory.
Adobe Framemaker Updated
Adobe has released an updated version of their Framemaker. Successful exploitation of the vulnerability may lead to privilege escalation.
Affected are versions 1.0.5.1 and below.
More information from the Adobe's security advisory.
Affected are versions 1.0.5.1 and below.
More information from the Adobe's security advisory.
Adobe Experience Manager Updated
Adobe has released updated versions of their Experience Manager. Updates fix two moderate and three important categorized vulnerabilities.
Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4
More information from the Adobe's security advisory.
Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4
More information from the Adobe's security advisory.
New Version of Adobe Digital Editions Available
Adobe have released a new version of their ebook reader software Adobe Digital Editions. Successful exploitation of the fixed vulnerabilities could lead to arbitrary code execution in the context of current user.
Affected versions are Adobe Digital Editions 4.5.8 and earlier versions on Windows, Macintosh and iOS. Users of affected versions should update their versions to the latest one (currently 4.5.9).
More information (including download instructions for new version) can be read from Adobe's security bulletin.
Affected versions are Adobe Digital Editions 4.5.8 and earlier versions on Windows, Macintosh and iOS. Users of affected versions should update their versions to the latest one (currently 4.5.9).
More information (including download instructions for new version) can be read from Adobe's security bulletin.
Adobe Flash Player Updated
Adobe have released updated versions of their Flash Player. This time the new versions don't contain security vulnerability fixes but fix feature and performance bugs.
Affected versions:
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.122
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.122
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.122
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.122
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.122
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.122
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Latest PHP Versions Available
PHP development team has released 7.2.11 and 7.1.23 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.
Changelogs:
Version 7.2.11
Version 7.1.23
Changelogs:
Version 7.2.11
Version 7.1.23
Denial-of-service Vulnerability In VMware Products
There has been found a denial-of-service (DoS) vulnerability in 3D-acceleration feature in Vmware ESXi, Workstation and Fusion. That can be caused by a 3D-rendering shader when an infinite loop occurs in it.
The workaround is to turn the 3D-acceleration off in the affected programs. More details in related security advisory.
The workaround is to turn the 3D-acceleration off in the affected programs. More details in related security advisory.
Thursday, October 11, 2018
Microsoft Security Updates For October 2018
Microsoft have released security updates for October 2018.
Summary of the updates (filter by inserting 9/12/2018 to the From field and 10/09/2018 to the To field) here.
Summary of the updates (filter by inserting 9/12/2018 to the From field and 10/09/2018 to the To field) here.
Saturday, October 6, 2018
Mozilla Thunderbird Update Available
Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.
Affected versions:
Mozilla Thunderbird versions earlier than 60.2.1
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Affected versions:
Mozilla Thunderbird versions earlier than 60.2.1
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Mozilla Firefox Updated
Mozilla have released updated versions of Firefox browser to address security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than 62.0.3 (advisory)
- Mozilla Firefox earlier than ESR 60.2.2 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Affected products are:
- Mozilla Firefox earlier than 62.0.3 (advisory)
- Mozilla Firefox earlier than ESR 60.2.2 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30102 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30452 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30102 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30452 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Subscribe to:
Posts (Atom)
