Subscribe: US-CERT Technical Alerts and Bulletins
http://www.us-cert.gov/channels/techdocs.rdf
Language: English
Preview: US-CERT Technical Alerts and Bulletins

US-CERT: The United States Computer Emergency Readiness Team





 






ISC Releases Security Updates for BIND

Tue, 27 Sep 2016 20:31:57 +0000

Original release date: September 27, 2016

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P3
  • BIND 9 version 9.10.4-P3
  • BIND 9 version 9.11.0rc3
  • BIND 9 version 9.9.9-S5

US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01419 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





SB16-270: Vulnerability Summary for the Week of September 19, 2016

Mon, 26 Sep 2016 11:58:09 +0000

Original release date: September 26, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

  • Primary Vendor -- Product: adobe -- acrobat
    Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-6937 CONFIRM

  • Primary Vendor -- Product: adobe -- acrobat
    Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-6938 CONFIRM

  • Primary Vendor -- Product: apache -- cxf_fediz
    Description: The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
    Published: 2016-09-21
    CVSS Score: 7.5
    Source & Patch Info: CVE-2016-4464 CONFIRM MLIST CONFIRM

  • Primary Vendor -- Product: apple -- xcode
    Description: otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.
    Published: 2016-09-18
    CVSS Score: 7.2
    Source & Patch Info: CVE-2016-4704 APPLE CONFIRM

  • Primary Vendor -- Product: apple -- xcode
    Description: otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.
    Published: 2016-09-18
    CVSS Score: 7.2
    Source & Patch Info: CVE-2016-4705 APPLE CONFIRM

  • Primary Vendor -- Product: artifex -- mupdf
    Description: Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
    Published: 2016-09-22
    CVSS Score: 7.5
    Source & Patch Info: CVE-2016-6525 CONFIRM CONFIRM DEBIA[...]



OpenSSL Releases Security Updates

Fri, 23 Sep 2016 19:13:17 +0000

Original release date: September 23, 2016 | Last revised: September 26, 2016

OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • OpenSSL 1.1.0b for 1.1.0 users
  • OpenSSL 1.0.2j for 1.0.2i users
  • OpenSSL 1.0.1u for 1.0.1 users *

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

* Please see this previous Security Advisory for information on 1.0.1u.







FTC Releases Data Breach Recovery and Prevention Video

Thu, 22 Sep 2016 17:21:38 +0000

Original release date: September 22, 2016

The Federal Trade Commission (FTC) has released a step-by-step video for users whose personal information may have been exposed in a data breach. This video provides instruction on how to report an incident and develop a personal recovery plan after a data breach has occurred.

US-CERT encourages users to review the FTC blog and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks, Safeguarding Your Data, and Protecting Your Privacy for more information.







Drupal Releases Security Advisory

Thu, 22 Sep 2016 00:49:43 +0000

Original release date: September 21, 2016

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.1.10. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Drupal's Security Advisory and apply the necessary update.







Cisco Releases Security Updates

Thu, 22 Sep 2016 00:36:43 +0000

Original release date: September 21, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:







Mozilla Releases Security Updates

Tue, 20 Sep 2016 21:02:28 +0000

Original release date: September 20, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 49
  • Firefox ESR 45.4

Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.







Apple Releases Security Updates

Tue, 20 Sep 2016 19:56:55 +0000

Original release date: September 20, 2016

Apple has released security updates to address vulnerabilities in macOS Server, macOS Sierra, Safari, and iCloud for Windows. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security pages for macOS Server, macOS Sierra, Safari, and iCloud for Windows and apply the necessary updates.







SB16-263: Vulnerability Summary for the Week of September 12, 2016

Mon, 19 Sep 2016 10:58:46 +0000

Original release date: September 19, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4256 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4257 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4258 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4259 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4261, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4260 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4262.
    Published: 2016-09-16
    CVSS Score: 10.0
    Source & Patch Info: CVE-2016-4261 CONFIRM

  • Primary Vendor -- Product: adobe -- digital_editions
    Description: Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than C[...]