Mozilla have released updated versions of their Thunderbird email client containing fixes to security vulnerabilities.
Affected versions:
- Mozilla Thunderbird earlier than 78.2 (advisory)
- Mozilla Thunderbird earlier than 68.12 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Monday, August 31, 2020
Mozilla Thunderbird Updated
Mozilla Firefox Vulnerabilities Fixed
Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.
Affected versions:
-Mozilla Firefox earlier than 80 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.2 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.12 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.
VMware Vulnerabilities Fixed
VMware have released updated versions of their virtualization software patching a security vulnerability (CVE-2020-3976).
Affected versions:
-VMware ESXi 7.0 without ESXi_7.0.0-1.25.16324942 update
-VMware ESXi 6.7 without ESXi670-202008101-SG / ESXi670-202008401-BG update
-VMware ESXi 6.5 without ESXi650-202007401-BG / ESXi650-202007101-SG update
-VMware Cloud Foundation (ESXi) 4.x.x versions earlier than 4.0.1
-VMware Cloud Foundation (ESXi) 3.x.x versions earlier than 3.10.0
-vCenter Server 7.x versions earlier than 7.0.0b
-vCenter Server 6.7.x versions earlier than 6.7u3j
-vCenter Server 6.5.x versions earlier than 6.5u3k
-VMware Cloud Foundation (vCenter) 4.x.x versions earlier than 4.0.1
-VMware Cloud Foundation (vCenter) 3.x.x versions earlier than 3.10.1 (release pending)
More information in VMware advisory here.
Thursday, August 27, 2020
New Chrome Version Available
Google have released a version 85.0.4183.83 of their Chrome web browser. In addition to other changes 20 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.
Friday, August 14, 2020
vBulletin Update Available
There has been released an update to vBulletin, a popular forum software that is used on almost 20000 internet sites to address a critical security vulnerability. The vulnerability bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. There have already been seen attacks in the wild exploiting this vulnerability.
Currently there are fix available for these vBulletin versions:
5.6.2
5.6.1
5.6.0
All other versions of vBulletin prior to the 5.6.x branch are considered vulnerable. Users should migrate over to a patched version as soon as possible.
Instructions for updating:
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch
More information:
https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
Wednesday, August 12, 2020
Google Chrome Updated
Google have released a version 84.0.4147.125 of their Chrome web browser. In addition to other changes 15 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.
Adobe Lightroom Updated
Adobe have released security update to fix a vulnerability (CVE-2020-9724) in Adobe Lightroom Classic. Exploiting the vulnerability could lead to privilege escalation in the context of the current user.
Affected versions:
*Lightroom Classic earlier than 9.3
Users of vulnerable versions are instructed to update their versions by using the Creative Cloud desktop app's update functionality (help).
More information about fixed vulnerability can be read from Adobe's security bulletin.
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.012.20041
*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30005
*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30175
*Acrobat 2015 and Acrobat Reader 2015, 2015 classic track
versions earlier than 2015.006.30527
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerability can be read from Adobe's security bulletin.
New iCloud Versions For Windows Released
Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.
iCloud for Windows 11.3 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.20 is available for Windows 7 and later.
More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 11.3
-iCloud 7.20
ITunes 12.10.8 For Windows Released
Apple have released version 12.10.8 of their iTunes media player. New version fixes security vulnerabilities.
More information about the security content of iTunes 12.10.7 can be read from related security advisory.
Users of old versions should update to the latest one available.
Vulnerability In Newsletter Plugin Fixed
There has been released an update to Newsletter, a WordPress plugin. This plugin is used in over 300000 installations. Fix includes patch to security vulnerabilities.
Affected versions:
Newsletter WordPress plugin versions earlier than 6.8.2
More information in Wordfence blog
New PHP versions available
PHP development team has released 7.4.9, 7.3.21 and 7.2.33 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.
Changelogs:
Version 7.4.9
Version 7.3.21
Version 7.2.33
Microsoft Security Updates For August 2020
Microsoft have released security updates for August 2020.
Summary of the updates (filter by inserting 07/10/2020 to the From field and 08/11/2020 to the To field) here.
Vulnerability in Divi, Extra and Divi Builder Fixed
There have been released updates to two themes by Elegant Themes, Divi and Extra and also to Divi Builder which is a WordPress plugin. Together these products are used on aproximately 700000 sites. The vulnerability gives authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
Affected versions:
Divi versions between 3.0 and 4.5.2
Extra versions between 2.0 and 4.5.2
Divi Builder versions between 2.0 and 4.5.2
More information in Wordfence blog.
Sunday, August 2, 2020
wpDiscuz Vulnerability Fixed
Affected versions:
wpDiscuz versions between 7.0.0 and 7.0.4
More information in Wordfence blog here.
Mozilla Firefox Updated
Affected versions:
-Mozilla Firefox earlier than 79 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.1 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.11 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.
Mozilla Thunderbird New Versions Released
Affected versions:
- Mozilla Thunderbird earlier than 78.1 (advisory)
- Mozilla Thunderbird earlier than 68.11 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Saturday, August 1, 2020
Oracle Critical Patch Update For Q3 of 2020
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in October 2020.