Saturday, May 25, 2019

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 67 (advisory)
- Mozilla Firefox earlier than ESR 60.7 (advisory)

A fresh version can be obtained via the built-in updater or by downloading the latest version from the product site:
Firefox

Saturday, May 18, 2019

VMware Updates Available

VMware have released updated versions of their virtualization software that patch multiple vulnerabilities categorized as moderate.

Affected versions:
- vCenter 6.7 earlier than U2a
- vCenter 6.5 earlier than U2g
- vCenter 6.0 earlier than U3i
- ESXi 6.7 without Patch Release ESXi670-201905001
- ESXi 6.5 without Patch Release ESXi650-201905001
- ESXi 6.0 without Patch Release ESXi600-201905001
- VMware Workstation Pro/Player versions earlier than 15.1.0
- VMware Fusion earlier than 11.1.0

More information in VMware advisories here and here.

Wednesday, May 15, 2019

Critical Vulnerability In Citrix Workspace App And Receiver For Windows

A critical vulnerability has been found in Citrix Workspace app and Receiver for Windows. By exploiting the vulnerability, an attacker could run arbitrary code on the client system.

Affected versions:
- Citrix Workspace app earlier than version 1904
- Receiver for Windows earlier than version 4.9.6001.


More information here

Adobe Media Encoder Patched

Adobe have released updated versions of their Media Encoder. The new versions fix two vulnerabilities, one of which is a critical vulnerability (CVE-2019-7842) related to file parsing. By exploiting the vulnerability, an attacker may be able to execute arbitrary code in the context of the current user. The other vulnerability is an information disclosure vulnerability (CVE-2019-7844), and it is categorized as important.

Affected versions:
- Adobe Media Encoder versions earlier than 13.1


More information can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix for a critical vulnerability (CVE-2019-7837). By exploiting the vulnerability, an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.171 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.192    

- Users of Adobe Flash Player 32.0.0.171 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.192

- Users of Adobe Flash Player 32.0.0.171 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.192

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2019.010.20099
- Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track: versions earlier than 2017.011.30142
- Acrobat DC and Acrobat Reader DC, 2015 classic track: versions earlier than 2015.006.30497


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. In the default installation configuration, automatic updates run on a regular schedule; an update can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about the fixed vulnerabilities can be read in Adobe's security bulletin.

Chrome Vulnerability Fixed

Google have released version 74.0.3729.157 of their Chrome web browser. The new version contains a fix for a security vulnerability. More information is available in the Chrome release blog.

Microsoft Security Updates For May 2019

Microsoft have released security updates for May 2019.

A summary of the updates (filter by entering 04/13/2019 in the From field and 05/14/2019 in the To field) is available here.

Saturday, May 11, 2019

Symantec Intelligence Report: April 2019

Symantec have published their Intelligence report that sums up the latest threat trends for April 2019.

The report can be viewed here.

Friday, May 10, 2019

New Drupal Versions Available

New versions of the open-source content management framework Drupal have been released. The new versions contain patched versions of third-party libraries required by Drupal core.

Affected versions:
- Drupal core 8.7.x versions prior to 8.7.1
- Drupal core 8.6.x versions prior to 8.6.16
- Drupal 7.x versions prior to 7.67

More information in Drupal security advisory.

Latest PHP Versions Available

The PHP development team has released versions 7.3.5, 7.2.18 and 7.1.29 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.5
Version 7.2.18
Version 7.1.29

Thursday, May 2, 2019

Oracle Critical Patch Update For Q2 of 2019

Oracle have released updates for their products that fix 297 security issues (including five Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in July 2019.