* You are viewing the archive for April, 2011

Cisco Unified Communications Manager Security Updates Released

Cisco has released security updates for their Cisco Unified Communications product. Details are at the link below.

References:
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement


VMware vCenter, ESX, and ESXi Security Updates Released

VMware has released security updates for its vCenter Server, vCenter Update Manager, ESXi and ESX products. Details are at the link below.

References:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html


Mozilla Firefox 4.0.1, 3.6.17 and 3.5.19 Released

Mozilla has released Firefox versions 4.0.1, 3.6.17 and 3.5.19. These new versions fix several security-related bugs.

References:
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html


Signs of Life from ExploitHub

So, ExploitHub might just have a heartbeat after all. This just showed up in my inbox. Could be good news for exploit developers.

Want to get paid for your research? ExploitHub is now accepting exploits for sale to the community. It’s simple, just register to become a seller and begin contributing your work to the marketplace in three easy steps:

1. Submit your Metasploit exploit module via the Author Tools submission page.
2. Review the pre-populated information about your exploit that was extracted from the module and fill in any missing information such as price.
3. Submit the exploit … Continue Reading


Google Chrome 11.0.696.57 Released

Google Chrome 11.0.696.57 has been released for Windows, Mac, and Linux. The update includes fixes for 25 vulnerabilities, 16 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


WordPress 3.1.2 Released

WordPress version 3.1.2 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.2 release level and it seems to work fine.

References:
http://codex.wordpress.org/Version_3.1.2


Joomla! 1.6.2 Released

Joomla! 1.6.2 has been released. This version includes 8 security fixes, the highest being rated as “medium” severity.

References:
http://www.joomla.org/announcements/release-news/5368-joomla-162-released.html


Adobe Reader 9.4.4 Released

Adobe has released version 9.4.4 of their Acrobat Reader product to address a set of security vulnerabilities including CVE-2011-0611. There are known attacks against CVE-2011-0611. Adobe Reader 10 isn’t affected according to Adobe, but please note that many customers have had to disable Adobe Reader 10 Protected Mode for application compatibility reasons and *would* be vulnerable as well.

References:
http://www.adobe.com/support/security/bulletins/apsb11-08.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0611


Oracle April 2011 Patches Released

Oracle has released its April 2011 Critical Patch Update. The security patches affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle JRockit, versions R27.6.8 and earlier (JDK/JRE 1.4.2, 5, 6), R28.1.1 and earlier (JDK/JRE 5, 6)
Oracle Outside In Technology, versions 8.3.2.0, 8.3.5.0
Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, … Continue Reading


Apple iTunes 10.2.2 Released – Includes Security Updates

Apple has released version 10.2.2 of their iTunes software for Windows 7, Vista, and Windows XP. 10.2.2 includes two security-related fixes.

References:
http://lists.apple.com/archives/security-announce/2011/Apr/msg00004.html


Apple Safari 5.0.5 released

Apple has released Safari 5.0.5 (for Apple Mac and Windows). This new version contains two security-related fixes for WebKit.

Updates for the fraudulent Comodo certificates were released in today’s iOS and OS X security updates, not in Safari 5.0.5. Microsoft’s KB2524375 update provides the corresponding change for Safari on Windows.

References:
http://lists.apple.com/archives/security-announce/2011/Apr/msg00002.html


Apple OS X Security Updates Released

Apple has released security updates for their OS X platform. Details are at the link below.

References:
[OSX] http://lists.apple.com/archives/security-announce/2011/Apr/msg00003.html


Apple iOS 4.3.2 and 4.2.7 Released

The new Apple iOS 4.3.2 has been released and contains 5 security updates. iOS 4.2.7 was also released, fixing the vulnerabilities from this set that applied to 4.2.x.

References:
[4.3.2] http://lists.apple.com/archives/security-announce/2011/Apr/msg00000.html
[4.2.7] http://lists.apple.com/archives/security-announce/2011/Apr/msg00001.html


Google Chrome 10.0.648.205 Released

Google Chrome 10.0.648.205 has been released for Windows, Mac, and Linux. The update includes fixes for 3 vulnerabilities, all of which are classified as critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


Microsoft April 2011 Patch Tuesday Patches Released

There are 17 bulletins in the Microsoft April 2011 Patch Tuesday patch set. At least 2 of the vulnerabilities fixed have active exploits, and at least 3 others have proof-of-concept code available for them. MS11-020 (RPC bug) is potentially wormable, but no known exploit exists as of this writing.

References:
http://isc.sans.edu/diary.html?storyid=10693


WordPress 3.1.1 Released

WordPress version 3.1.1 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.1 release level and it seems to work fine.

References:
http://wordpress.org/news/2011/04/wordpress-3-1-1/


IBM solidDB Authentication Bypass Vulnerability (Remotely Exploitable)

IBM has released patches to fix a remotely exploitable authentication bypass vulnerability in their solidDB product.

Affected versions:
4.5.180 and below
6.0.1066 and below
6.1.20 and below
6.3 Fix Pack 6 and below
6.5 Fix Pack 2 and below

References:
https://www-304.ibm.com/support/docview.wss?uid=swg21474552
