Government of the Republic of Trinidad and Tobago                                                                                                                                        


Security Advisories

TTCSIRT-181.111318: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This vulnerability could allow an attacker to execute code on the host especially if vmxnet3 is enabled. Further information on this vulnerability and how it can be mitigated can be found […]

Read More


TTCSIRT-180.111318: TT-CSIRT Advisory – Apache Security Updates

Apache has released a security update stating that all web applications using Apache Struts be upgraded to ver 2.3.36 as previous versions are vulnerable to Remote Code Execution attackers from attackers. This vulnerability is due to commons-fileupload jar file having a flaw where it can be replaced with a malicious file if an attacker is […]

Read More


TTCSIRT-179.110518: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that a vulnerability has been discovered in Microsoft Edge which could allow for arbitrary code execution. There are currently two ways in which it can be exploited: 1) File-based a. An attacker crafts a malicious document file to leverage the issue and to carry out some actions on […]

Read More


TTCSIRT-178.110518: TT-CSIRT Advisory – Apple Security Updates

Apple has a released a security update stating that it has fixed the following vulnerabilities in Safari, iCloud, iTunes, watchOS, iOS, tvOS, Mojave, High Sierra and Sierra: a) A buffer overflow was addressed with improved size validation – (CVE-2018-4424). b) A configuration issue was addressed with additional restrictions – (CVE-2018-4342). c) A cross-site scripting issue […]

Read More


TTCSIRT-177.102918: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security stating that it has discovered the following vulnerabilities in Mozilla Firefox ver 63.0: a) Crash with nested event loops – when manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling (CVE-2018-12392). b) Integer […]

Read More


TTCSIRT-176.102918: TT-CSIRT Advisory – Linux Security Updates

It has been discovered that several Linux Operating Systems including Red Hat, CentOS, Debian, Ubuntu and OpenBSD can be affected by a serious X.Org vulnerability. This issue is caused by an incorrect command-line parameter validation in the X.org X server which can lead to privilege elevation and/or arbitrary files overwrite especially when the X server […]

Read More


TTCSIRT-175.102218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it discovered a vulnerability where libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The issue is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message […]

Read More


TTCSIRT-174.102218: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that the following vulnerabilities have been discovered in the Drupal Core Module: a) Content Moderation fails in certain circumstances to check user access to certain transitions which results in an access bypass. b) External URL injection through URL Aliases allows for open redirect. c) Anonymous Open Redirect takes […]

Read More


TTCSIRT-173.101618: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP ver 7.2.11 & 7.1.23: a) Bug #66828 – (iconv_mime_encode Q-encoding longer than it should be). b) Bug #73457 – (Wrong error message when fopen FTP wrapped fails to open data connection). c) Bug #74454 – (Wrong exception being thrown […]

Read More


TTCSIRT-172.101618: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Cross-origin URL disclosure in Blink – (CVE-2018-17468). b) Heap buffer overflow in PDFium – (CVE-2018-17469). c) iframe sandbox escape on iOS – (CVE-2018-17472). d) Lack of limits on update() in ServiceWorker – (CVE-2018-5179). e) Memory corruption in […]

Read More