TTCSIRT-100.031418: TT-CSIRT Advisory – Samba Security Updates

TTCSIRT-099.031418: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that the following vulnerabilities have been fixed in Firefox Browser version 59.0: a) Buffer overflow manipulating SVG animatedPathSegList – CVE-2018-5127 b) Use-after-free manipulating editor selection ranges – CVE-2018-5128 c) Out-of-bounds write with malformed IPC messages – CVE-2018-5129 d) Mismatched RTP payload type can trigger memory corruption – CVE-2018-5130 […]

TTCSIRT-097.031218: TT-CSIRT Advisory – Chrome Security Updates

Google has reported that the following vulnerabilities have been discovered in Google Chrome: a) Use after free in Flash – (CVE-2018-6058, CVE-2018-6059) b) Incorrect permissions on shared memory – (CVE-2018-6057, CVE-2018-6063) c) Use after free in Blink – (CVE-2018-6060) d) Race condition in V8 – (CVE-2018-6061) e) Heap buffer overflow in Skia – (CVE-2018-6062) f) […]

TTCSIRT-096.030718: TT-CSIRT Advisory – Android Security Updates

Google has reported that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-16525, CVE-2017-16530) b) Multiple information disclosure vulnerabilities […]

TTCSIRT-095.030718: TT-CSIRT Advisory – Linux Security Updates

Red Hat has released a security update stating that it is aware of DDoS (Distributed Denial of Service) amplification attacks being performed by exploiting memcached servers exposed to the public Internet. These attacks take advantage of memcached communication using the UDP protocol for transport. The attack is effective because of the high amplification ratio – […]

TTCSIRT-094.030218: TT-CSIRT Advisory – PHP Security Updates

Several security vulnerabilities have been found in PHP7 which include: a) Bug #49876 (Fix LDAP path lookup on 64-bit distros). b) Bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). c) Bug #65414 (deal with leading slash when adding files correctly). d) Bug #65414 (deal with leading slash while adding files correctly). e) […]

TTCSIRT-093.030218: TT-CSIRT Advisory – BIND Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that a vulnerability in the Berkeley Internet Name Domain (BIND) has been found which, if exploited by an attacker, could cause a Denial of Service (DoS) condition. This vulnerability is caused by a malformed packet BIND erroneously selecting a SERVFAIL rcode instead of a FORMERR […]

TTCSIRT-091.022318: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager, where an insecure key is generated during application configuration, allowing an attacker to exploit this by using a known insecure key value to bypass security protections by sending arbitrary requests using […]