Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-159.090318: TT-CSIRT Advisory – Apache Security Updates

Apache has released a security update stating that a vulnerability has been discovered in Apache Struts where it is possible for an attacker to perform a Remote Code Execution attack when the namespace value isn’t set for a result defined in certain underlying configurations. Further information on this vulnerability and how it can be mitigated …

TTCSIRT-158.081718: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) One out-of-bounds vulnerability that could allow for arbitrary code execution – (CVE-2018-12808). b) One untrusted pointer dereference vulnerability that could allow for arbitrary code execution – (CVE-2018-12799). Successful exploitation of these vulnerabilities could result in …

TTCSIRT-157.081718: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a security update stating that a vulnerability has been discovered in Oracle Database Server that could allow for complete compromise of the database. The issue resides in the Oracle Database Server where low-privileged attackers that have Create Session privileges can compromise the Java Virtual Machine component and take complete control of the …

TTCSIRT-156.081318: TT-CSIRT Advisory – NetComm Security Updates

ICS-CERT has released a security update stating that NetComm’s Wireless 4G LTE Light Industrial M2M Router is vulnerable to: a) Information Exposure; b) Cross-site Request Forgery; c) Cross-site Scripting. The flaws can be exploited remotely from the Internet and have been classified by ICS-CERT as “critical” while the information disclosure issues are said to …

TTCSIRT-155.081318: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that Horizon ver 6.0 – 7.0 for Windows contains an out-of-bounds read vulnerability in the Message Framework library. This issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Further …

TTCSIRT-154.080718: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has found the following critical vulnerabilities within Mozilla Thunderbird ver 60.0: a) Bug #1459162 – a buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. …

TTCSIRT-153.080718: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that a vulnerability has been discovered in Drupal ver 8.5.5 and before where, within the Symfony library, an attacker can override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header within the IIS Web Server. Once the override …

TTCSIRT-152.080218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable and susceptible to Denial of Service (DoS) attacks. This issue exists due to insufficient validation of a password change request. Further …

TTCSIRT-151.080218: TT-CSIRT Advisory – Linux Security Updates

Kernel.org has released a security update stating that a vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux Kernel exists due to the vmx.c source code file failing to set the GDT.LIMIT value to the previous host. As a result, malicious entries could be placed in the Global Descriptor Table (GDT) on …

TTCSIRT-150.072718: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been found in PHP 7: Ver 7.2.8: Bug #71848 – Getimagesize with $imageinfo returns false; Bug #73342 – Vulnerability in php-fpm by changing stdin to non-blocking; Bug #74670 – Integer underflow when unserializing GMP and possible other classes; Bug #75231 – ReflectionProperty#getValue() incorrectly …