Sunday, October 27, 2019

More VMware Updates Available


VMware have released updated versions of their virtualization software that patch one vulnerability (CVE-2019-5536) categorized as moderate.

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-201908101-SG
-ESXi 6.5 without Patch Release ESXi650-201910401-SG
-VMware Workstation Pro/Player versions earlier than 15.5.0
-VMware Fusion earlier than 11.5.0

More information is available in the VMware advisory.

VMware vCenter Update Available

VMware have released updated versions of VMware vCenter Server Appliance that patch two vulnerabilities categorized as moderate.

Affected versions:
-vCenter 6.7 earlier than U3a
-vCenter 6.5 earlier than U3d

More information is available in the VMware advisory.

Mozilla Thunderbird Vulnerable

Mozilla have released an updated version of their Thunderbird email client containing fixes for security vulnerabilities. Some of the fixed vulnerabilities may allow execution of arbitrary code on an affected system.

Affected versions:
Mozilla Thunderbird versions earlier than 68.2

The latest version can be obtained via the built-in updater or by downloading it from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 70 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.2 (advisory)

The latest version can be obtained via the built-in updater or by downloading it from the product site.

Saturday, October 19, 2019

Critical Vulnerability In VMware Products

A critical vulnerability has been found affecting the VMware Cloud Foundation and Harbor Container Registry for PCF products. When exploited, the vulnerability (CVE-2019-16919) may lead to unauthorized access to push/pull/modify images in the target adjacent project.

Affected versions:
-VMware Cloud Foundation (fix patch pending)
-VMware Harbor Container Registry for PCF 1.8.x versions earlier than 1.8.4
-VMware Harbor Container Registry for PCF 1.7.x versions are not affected

More information can be read in the corresponding security advisory.

Oracle Critical Patch Update For Q4 of 2019

Oracle have released updates for their products that fix 219 security issues (including 20 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read in the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2020.

Thursday, October 17, 2019

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.7 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 9.6.0.25114 and earlier (Windows)
Foxit PhantomPDF 9.6.0.25114 and earlier (Windows)

More information can be read here.

New WordPress Version Released

A new version of WordPress (blogging tool and content management system) has been released, and it also contains patches for security vulnerabilities. It is also recommended to check whether updates are available for the WordPress extensions in use and to disable extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.2.4

More information can be read from the WordPress blog.

Adobe Download Manager Updated

Adobe has released an updated version of their Download Manager for Windows. The new version fixes one vulnerability (CVE-2019-8071), categorized as important, that could result in privilege escalation.

Version 2.0.0.363 is affected. The new version 2.0.0.417 is available for Adobe Reader for Windows and for Adobe Flash Player for Windows.

More information is available in Adobe's security advisory.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. The updates fix one vulnerability (CVE-2019-8089), categorized as moderate, that could result in sensitive information disclosure.

Affected versions are 6.3, 6.4 and 6.5.

More information is available in Adobe's security advisory.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track versions earlier than 2019.012.20040
*Acrobat 2017 and Acrobat Reader DC, 2017 classic track versions earlier than 2017.011.30148
*Acrobat DC and Acrobat Reader DC, 2015 classic track versions earlier than 2015.006.30503

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader

More information about the fixed vulnerabilities can be read in Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Adobe Experience Manager (AEM). Updates fix multiple vulnerabilities. Successful exploitation could result in unauthorized access to the AEM environment.

Affected versions are 6.0, 6.1, 6.2, 6.3, 6.4 and 6.5.

More information is available in Adobe's security advisory.

Symantec Intelligence Report: September 2019

Symantec have published their Intelligence report that sums up the latest threat trends for September 2019.
The report can be viewed here.

Google Chrome Vulnerabilities Fixed

Google have released version 77.0.3865.120 of their Chrome web browser. The new version contains fixes for eight security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

Wednesday, October 9, 2019

Microsoft Security Updates For October 2019

Microsoft have released security updates for October 2019.

A summary of the updates is available here (filter by entering 09/11/2019 in the From field and 10/09/2019 in the To field).

iTunes 12.10.1 For Windows Released

Apple have released version 12.10.1 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.1 can be read in the related security advisory.

Users of old versions should update to the latest one available.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.7 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.14 is available for Windows 7 and later.

More information about the security content of the new versions can be read in the corresponding security advisories:
-iCloud 10.7
-iCloud 7.14

Wednesday, October 2, 2019

New PHP versions available

The PHP development team has released versions 7.3.10 and 7.2.23 of the PHP scripting language. Among other bugs, some security bugs (in version 7.3.10) have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.10
Version 7.2.23