Friday, April 23, 2021

Vulnerability In MySQL For Windows

A security vulnerability has been found in MySQL for Windows. It is a privilege escalation vulnerability caused by the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.

By placing a specially-crafted openssl.cnf in a C:\build_area subdirectory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable MySQL software installed.

This vulnerability is addressed in the MySQL Windows installer versions 8.0.24 and 5.7.34.

More information can be read here.
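To check whether a host is exposed to this kind of OPENSSLDIR problem, the following PowerShell audit (an added example, not part of the advisory or of MySQL) lists the non-privileged principals that can create files or directories at C:\build_area. If the directory does not exist, it inspects the nearest existing parent instead, because whoever can create the directory controls its contents. The list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example: who, besides privileged principals, can create files or
# directories at the location named in the advisory?
$Target = 'C:\build_area'            # path taken from the advisory text

# Assumption: only these well-known SIDs are treated as privileged.
$TrustedSids = @(
    'S-1-5-18',                      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',                  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Walk up to the nearest directory that exists. If C:\build_area is absent,
# the ACL that matters is the one on the parent where it could be created.
$Path = $Target
while ($Path -and -not (Test-Path -LiteralPath $Path -PathType Container)) {
    $Path = Split-Path -Path $Path -Parent
}
if (-not $Path) { throw "No existing ancestor found for $Target" }

# Rights that allow creating files or subdirectories. FullControl, Modify and
# Write include these bits; 0x40000000 / 0x10000000 are GENERIC_WRITE / GENERIC_ALL.
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::CreateFiles -bor $Rights::CreateDirectories) -bor 0x40000000 -bor 0x10000000

# Request ACEs by SID so the check does not depend on the display language.
$SidType  = [System.Security.Principal.SecurityIdentifier]
$Findings = foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
    if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
    $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $ace.IdentityReference.Value }   # unresolvable SID: show it raw
    [pscustomobject]@{
        CheckedPath = $Path
        Principal   = $name
        Rights      = $ace.FileSystemRights
        InheritOnly = [bool]($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly)
    }
}

if ($Findings) {
    Write-Warning "Non-privileged principals can create entries under $Path"
    $Findings | Format-Table -AutoSize
} else {
    Write-Output "Only privileged principals can create entries under $Path"
}
```

Rows marked InheritOnly apply to items created below the checked path rather than to the path itself. Any finding means the host relies on the installer versions listed above for protection.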

Google Chrome updated

Google have released version 90.0.4430.85 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for seven security vulnerabilities, one of which (CVE-2021-21224) is exploited in the wild.

More information can be read on the Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing some fixes for security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.10 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
- Mozilla Firefox earlier than 88 (advisory)
- Mozilla Firefox ESR 78.x earlier than 78.10 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it (latest version) from the product site.

Oracle Critical Patch Update For Q2 of 2021

Oracle have released updates for their products that fix 390 security issues (including four Java fixes) in total. The updates are part of Oracle's quarterly critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read in the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2021.

Friday, April 16, 2021

New Google Chrome Version Available

Google have released version 90.0.4430.72 of their Chrome web browser. In addition to other changes, 37 security vulnerabilities were fixed.

More information about the changes can be viewed in the Google Chrome release blog.

New WordPress Version Released

A new version of WordPress (blogging tool and content management system) has been released, which also contains patches for two security vulnerabilities. It's also recommended to check whether any updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
- WordPress versions earlier than 5.7.1

More information can be read from the WordPress blog.

Google Chrome updated

Google have released version 89.0.4389.128 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for two security vulnerabilities.

More information can be read on the Google Chrome releases blog.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve two critical security vulnerabilities (CVE-2021-28548, CVE-2021-28549) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.7
- Adobe Photoshop 2021 versions 22.x earlier than 22.3.1

Instructions for updating are given in the related security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains a fix for one privilege escalation vulnerability (CVE-2021-21100).

Affected versions are Adobe Digital Editions versions earlier than 4.5.11.187606 on macOS.

More information (including download instructions for the new version) can be read in Adobe's security bulletin.

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.1.1 and earlier versions for Windows
- Adobe Bridge 11.0.1 and earlier versions for Windows

Solution:
- Update to Adobe Bridge 10.1.2
- Update to Adobe Bridge 11.0.2


More information can be read in Adobe's security bulletin.

RoboHelp Update Available

Adobe has released an updated version of their RoboHelp for Windows. The new version fixes a privilege escalation vulnerability (CVE-2021-21070).

Affected versions:
- RH2020.0.3 and earlier

More information can be read here.

Microsoft Security Updates For April 2021

Microsoft have released security updates for April 2021.

Release notes of the updates can be viewed here.

Monday, April 12, 2021

Mozilla Thunderbird Patch Available

Mozilla have released an updated version of their Thunderbird email client containing some fixes for security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.9.1 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Friday, April 9, 2021

ClamAV Updated

A new version, 0.103.2, of ClamAV, an open source antivirus engine, has been released. Among other fixes, the new version also patches security vulnerabilities, including a privilege escalation vulnerability (CVE-2021-1386) related to the UnRAR DLL. This vulnerability affects versions 0.103.1 and prior on Windows only.

More information is available in the ClamAV blog.