by CIRT Team
ISC BIND CVE-2017-3143 Security Bypass Vulnerability
Description: BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND...
Read More
by CIRT Team
ISC BIND CVE-2017-3142 Security Bypass Vulnerability
Description: BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully...
Read More
by CIRT Team
Mozilla Security Updates for Thunderbird
Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for...
Read More
by CIRT Team
Drupal Releases Security Updates for Multiple Vulnerabilities
Description: Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities. Updating your existing Drupal 8 sites is strongly recommended. This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. Impact: A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information. Mitigation: Updates are available. Please check specific vendor advisory for more...
Read More
by CIRT Team
Mozilla Releases Security Updates
Description: Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. Impact: An attacker who successfully exploited the vulnerability could take control...
Read More
by CIRT Team
Adobe Releases Security Updates
Description: Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Acrobat, Reader, Experience Manager, and Digital Editions. Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://helpx.adobe.com/security/products/acrobat/apsb17-24.html https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
by CIRT Team
Microsoft Releases August 2017 Security Updates
Description: Microsoft releases security updates for August 17. This release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft SharePoint Adobe Flash Player Microsoft SQL Server Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
by CIRT Team
Linux kernel CVE-2017-9077 Local Denial of Service Vulnerability
Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Impact: An attacker can exploit this issue to cause a local denial-of-service condition. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference...
Read More
by CIRT Team
Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability
Description: Oracle MySQL Server is prone to a remote security vulnerability in MySQL Server. The vulnerability can be exploited over the ‘MySQL’ protocol. The ‘Server: DML’ sub component is affected. This vulnerability affects the following supported versions: 5.7.18 and prior 5.5.56 and prior 5.6.36 and prior Impact: Remote Security Vulnerability. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/99767/info...
Read More
by CIRT Team
Adobe Acrobat and Reader APSB17-11 Multiple Unspecified Memory Corruption Vulnerabilities
Description: Adobe Acrobat and Reader are prone to multiple unspecified memory-corruption vulnerabilities. Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods: Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user...
Read More
