Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-071.120817: TT-CSIRT Advisory – Chrome Security Updates

Google has reported several vulnerabilities in Google Chrome, including: a) Out-of-bounds write in QUIC – (CVE-2017-15407) b) Heap buffer overflow in PDFium – (CVE-2017-15408) c) Out-of-bounds write in Skia – (CVE-2017-15409) d) Use after free in PDFium – (CVE-2017-15410, CVE-2017-15411) e) Use after free in libXML – (CVE-2017-15412) …

TTCSIRT-070.120517: TT-CSIRT Advisory – Mozilla Security Updates

Multiple vulnerabilities have been identified in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows: a) A use-after-free vulnerability can occur when flushing and resizing layout because the PresShell object has been freed while still in use. This results in a potentially exploitable crash …

TTCSIRT-069.120517: TT-CSIRT Advisory – Apache Security Updates

The Apache Software Foundation has released security updates to address multiple vulnerabilities in Apache Struts version 2: a) A denial of service vulnerability exists due to an outdated JSON-lib library utilized by a REST plugin – (CVE-2017-15707). b) A remote code execution vulnerability exists because the REST Plugin utilizes Jackson JSON library for data binding …

TTCSIRT-068.113017: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to …

TTCSIRT-067.113017: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that Apple macOS High Sierra (10.13) contains a flaw in how it authenticates disabled accounts. When a privileged action prompts the user for administrative credentials, the user can simply enter the username “root” with an empty password. The first attempt appears to fail, but in actuality, this …

TTCSIRT-066.112217: TT-CSIRT Advisory – Intel Security Updates

Intel has released security updates to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on …

TTCSIRT-065.112217: TT-CSIRT Advisory – Symantec Security Updates

Symantec has released a security update stating that the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing “traverse to parent directory” are passed through to the file …

TTCSIRT-064.112017: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on the Oracle Website at http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html

TTCSIRT-063.112017: TT-CSIRT Advisory – Mozilla Security Updates

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows: a) A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page allowing for …

TTCSIRT-062.111517: TT-CSIRT Advisory – Microsoft Security Updates

Multiple vulnerabilities have been discovered in Microsoft products. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. A full list of all vulnerabilities and how they can be fixed can be found on the Microsoft Website …