You are viewing the archive for the ‘Vulnerability Management’ Category

Google Chrome 14.0.835.202 Released

Google Chrome 14.0.835.202 has been released for Windows, Mac, and Linux. The update includes fixes for 7 vulnerabilities, all of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Google Chrome 14.0.835.163 Released

Google Chrome 14.0.835.163 has been released for Windows, Mac, and Linux. The update includes fixes for 32 vulnerabilities, 15 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Google Chrome 13.0.782.215 Released

Google Chrome 13.0.782.215 has been released for Windows, Mac, and Linux. The update includes fixes for 11 vulnerabilities, 10 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Mozilla Firefox 6.0 and 3.6.20 Released

Mozilla has released Firefox versions 6.0 and 3.6.20. These new versions fix several security-related memory corruption bugs (http://www.mozilla.org/security/announce/2011/mfsa2011-29.html).

Firefox version 5.x is now off support. You should be running only 3.6.x or 6.x in production now.

References:
http://www.mozilla.com/en-US/firefox/6.0/releasenotes/

http://www.mozilla.com/en-US/firefox/3.6.20/releasenotes/

Adobe Shockwave Player Version 11.6.1.629 Released

Adobe has released Shockwave Player version 11.6.1.629 for Windows and Apple OS X. This update contains several security fixes, as outlined in the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-19.html

Adobe Flash Player 10.3.183.5 Released

Adobe has released version 10.3.183.5 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. This update includes security fixes.

References:
http://www.adobe.com/support/security/bulletins/apsb11-21.html

Apple Quicktime Player 7.7 Released

Apple has released Quicktime Player 7.7 for Windows and Apple Mac OS X 10.5.8. Version 7.7 includes fixes for 13 security issues.

References:
http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html

Google Chrome 13.0.782.107 Released

Google Chrome 13.0.782.107 has been released for Windows, Mac, and Linux. The update includes fixes for 30 vulnerabilities, 14 of which are classified as high.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Security Update Released for Citrix XenApp and XenDesktop

A security update for a remotely exploitable bug in Citrix XenApp and XenDesktop has been released. Details are at the link below.

Affected versions:
- all versions of XenApp and XenApp Fundamentals (formerly known as Access Essentials) up to and including version 6
- XenDesktop 4 with, or without, Feature Packs 1 or 2

References:
http://support.citrix.com/article/CTX129430

Apple iOS 4.3.5 and 4.2.10 Released

These updates address security-related bugs in iOS.

References:
http://lists.apple.com/archives/security-announce/2011/Jul/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Jul/msg00004.html

Apple Safari 5.1 and 5.0.6 released

Apple has released Safari 5.1 and 5.0.6 (for Apple Mac and Windows). These new versions contain several security-related fixes.

References:
http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html

Oracle July 2011 Patches Released

Oracle has released its July 2011 Critical Patch Update. The security patches affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Secure Backup, version 10.3.0.3
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.1, 11.1.1.3
Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle …

RIM Releases Security Fixes for BlackBerry Enterprise Server

RIM has released fixes for DoS and information disclosure vulnerabilities in its BlackBerry Enterprise Server software. BlackBerry smartphones aren’t affected.

The following BES versions are affected:
- BlackBerry® Enterprise Server version 5.0.0 for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise (with the BlackBerry® Administration API component installed as an option only)
- BlackBerry® Enterprise Server Express 5.0.0 for Microsoft Exchange and IBM Lotus Domino (with the BlackBerry® Administration API component installed as an option only)
- BlackBerry® Enterprise Server Express versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange
- BlackBerry® Enterprise Server Express versions 5.0.2 …

Apple iOS 4.3.4 and 4.2.9 Released

These updates close the latest jailbreaking hole in iOS.

References:
http://lists.apple.com/archives/security-announce/2011/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Jul/msg00001.html

Exploit Released for BlueCoat BCAAA

An exploit has been published on exploit-db.com for a remotely exploitable bug in BlueCoat BCAAA. BlueCoat BCAAA is used by ProxySG and ProxyOne.

The following ProxySG versions include the fix:
6.2.1.1
6.1.4.1
5.5.5.1
5.4.7.1
5.3.x – no patch available yet
4.3 – SGOS 4.3.4.2 patch release.

No fix has been released yet for ProxyOne.

References:
https://kb.bluecoat.com/index?page=content&id=SA55
http://www.exploit-db.com/exploits/17513

[ICS] Siemens Announces Password Security Weakness in SIMATIC S7 Controllers

Siemens has announced a password security problem in an authentication mechanism used in their SIMATIC S7 series of programmable controllers. No patch is available yet. Until a fix is available, some defensive guidance is available at the reference link below. The following Siemens SIMATIC S7 platforms are affected:

S7-200
S7-1200
S7-300
S7-400

References:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51401544&caller=view

WordPress 3.1.4 Released

WordPress version 3.1.4 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.4 release level and it seems to work fine.

References:
http://codex.wordpress.org/Version_3.1.4

Java Update Released for Mac OS X 10.6 Update 5 and 10.6 Update 10

Apple has released Java updates for Mac OS X 10.6 Update 5 and OS X 10.6 Update 10. Details are at the links below.

References:
http://lists.apple.com/archives/security-announce/2011/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2011/Jun/msg00002.html

Google Chrome 12.0.742.112 Released

Google Chrome 12.0.742.112 has been released for Windows, Mac, and Linux. The update includes fixes for 7 vulnerabilities, 6 of which are classified as high.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Commercial Exploit Released for CVE-2011-1220 in IBM Tivoli Endpoint lcfd.exe

A commercial-grade exploit for CVE-2011-1220 in IBM Tivoli Endpoint lcfd.exe has been released in the White Phosphorus add-on pack for Immunity CANVAS.

References:
http://www.whitephosphorus.org/
https://www-304.ibm.com/support/docview.wss?uid=swg21499146
http://seclists.org/fulldisclosure/2011/May/569
http://www.zerodayinitiative.com/advisories/ZDI-11-169/

Apple Releases Mac OS X v10.6.8 and Security Update 2011-004

From Apple’s release:

APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004

Mac OS X v10.6.8 and Security Update 2011-004 are now available and address the following:

AirPort
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6.
CVE-ID: CVE-2011-0196

App Store
Available for: …

Citrix EdgeSight Active Application Monitoring and Load Testing Security Updates Released

Citrix has released security updates for their Citrix EdgeSight for Active Application Monitoring and Citrix EdgeSight for Load Testing products. Citrix recommends customers upgrade their Citrix EdgeSight for Active Application Monitoring installations to version 5.3 SP2 or later, and Citrix EdgeSight for Load Testing installations to version 3.8.1 or later. Details are available at the link below.

References:
http://support.citrix.com/article/CTX129699

Mozilla Firefox 5.0 and 3.6.18 Released

Mozilla has released Firefox versions 5.0 and 3.6.18. These new versions fix several security-related bugs.

BTW, Firefox version 4.x is now off support, as is 3.5.x. You should be running only 3.6.x or 5.x in production now.

References:
http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
http://www.mozilla.com/en-US/firefox/3.6.18/releasenotes/

Adobe Flash Player 10.3.181.26 Released

Adobe has released version 10.3.181.26 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. Adobe reports this update includes a fix for a vulnerability that is being exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb11-18.html

Google Chrome 12.0.742.100 Released

Google Chrome 12.0.742.100 has been released for Windows, Mac, and Linux. The update includes a fix for 1 vulnerability, which is classified as critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

Adobe Reader 10.1, 9.4.5, and 8.3 Released

Adobe has released versions 10.1, 9.4.5, and 8.3 of their Acrobat Reader product to address a set of security vulnerabilities. Details are available at the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-16.html

Microsoft June 2011 Patch Tuesday Patches Released

So far, one patch out of this month’s set – MS11-044 – has a known exploit in the wild.

UPDATE – 17 June 2011 – Symantec is reporting exploits for MS11-050 being found in circulation: http://www.symantec.com/connect/de/blogs/vulnerability-june-ms-tuesday-wild

References:
http://isc.sans.org/diary/Microsoft+June+2011+Black+Tuesday+Overview/11050

Adobe Shockwave Player Version 11.6.0.626 Released

Adobe has released Shockwave Player version 11.6.0.626 for Windows and Apple OS X. This update contains several security fixes, as outlined in the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-17.html

New Oracle Sun Java 6 Update 26 Release Contains Security Fixes

There are 17 vulnerabilities fixed this time around. If for some reason you cannot patch some or all of your Sun Java JRE instances in your organization, please consider putting IPS blocks in place at your network edges and/or in your client host IPS as outlined at http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/.

Public proof-of-concept exploit code exists for some of the vulnerabilities fixed in this release.

References:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/

Google Chrome 12.0.742.91 Released

Google Chrome 12.0.742.91 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 5 of which are classified as high or critical.

The feature list includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha