TTCSIRT-138.062918: TT-CSIRT Advisory – Mozilla Security Updates

TTCSIRT-138.062918: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following vulnerabilities Firefox ESR 52.9: a) Buffer overflow using computed size of canvas element – CVE-2018-12359. b) Use-after-free when using focus() – CVE-2018-12360. c) Integer overflow in SSSE3 scaler – CVE-2018-12362. Successful exploitation of the most severe of these vulnerabilities could allow for […]

TTCSIRT-137.062918: TT-CSIRT Advisory – SSDP Security Updates

NETSCOUT Arbor has released a security update stating that the Simple Service Discovery Protocol (SSDP) can be exploited to launch a new type of distributed denial of service (DDoS) attack where devices respond with a non-standard port. SSDP, which was designed for service discovery over a local network, uses text-based HTTP messages over UDP (also […]

TTCSIRT-136.062618: TT-CSIRT Advisory – PHP Security Updates

PHP Security Consortium has released a security update stating that the following vulnerabilities have been discovered in PHP Ver 7.1.19 & 7.2.7: a) Bug #76174 – openssl extension fails to build with LibreSSL 2.7. b) Bug #76296 – openssl_pkey_get_public does not respect open_basedir. c) Bug #76333 – PHP built-in server does not find files if […]

TTCSIRT-135.062618: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that the following vulnerabilities have been discovered within the Oracle Outside In Technology Module being utilized by Microsoft Exchange Server: a) A remote user can exploit a flaw in the Oracle Outside In Technology Outside In Filters component to access data and cause partial denial of service conditions […]

TTCSIRT-134.062018: TT-CSIRT Advisory – macOS Security Updates

Apple has released a security update stating that a vulnerability has been discovered in Xcode for macOS High Sierra where an attacker can bypass security restrictions. This is due to multiple issues existing in versions of git prior to 2.15.2. Further information on this vulnerability and how it can be mitigated can be found at […]

TTCSIRT-133.062018: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that a vulnerability has been discovered in Google Chrome where an attacker could execute arbitrary code in the browser. This is caused by an out-of-bounds write to arbitrary locations. Successful exploitation could allow the attacker to execute code to install programs; view, change, or delete data; or create […]

TTCSIRT-132.061418: TT-CSIRT Advisory – Bind Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients. This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been […]

TTCSIRT-131.061418: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card […]

TTCSIRT-130.061218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This is due to lack of proper input validation of the HTTP URL. […]

TTCSIRT-129.061218: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android OS: a) Multiple information disclosure vulnerabilities in Framework – (CVE-2017-13227, CVE-2018-9340). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9338, CVE-2018-9339). c) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-17558, CVE-2017-17806, CVE-2017-17807, CVE-2018-9363). d) An […]