Government of the Republic of Trinidad and Tobago                                                                                                                                        


Security Advisories

TTCSIRT-203.031819: TT-CSIRT Advisory – Intel Security Updates

Intel has released a security update stating that a potential security vulnerability in Intel® USB 3.0 Creator Utility may allow for escalation of privileges. This vulnerability is due to improper permissions in the Intel® USB 3.0 Creator Utility. Further information on this vulnerability and how it can be mitigated can be found on the Intel […]


TTCSIRT-202.031819: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that it has found a heap corruption issue (CVE-2019-7094) within Adobe Photoshop which could allow for arbitrary code execution. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application […]


TTCSIRT-201.022119: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered a vulnerability in the Open Container Initiative runc CLI tool used by multiple products which could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. This issue exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker […]


TTCSIRT-200.022119: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that it has discovered a runc container runtime vulnerability for VMware Integrated OpenStack with Kubernetes (VIO-K), VMware PKS (PKS), VMware vCloud Director Container Service Extension (CSE) and vSphere Integrated Containers (VIC). Successful exploitation of this issue may allow an attacker to overwrite the contents of a host’s runc […]


TTCSIRT-199.020419: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following issues have been discovered in all versions of Google Chrome prior to 72.0.3626.81: a) Heap buffer overflow in SwiftShader – (CVE-2019-5771). b) Heap buffer overflow in WebGL – (CVE-2019-5770). c) Inappropriate implementation in QUIC Networking – (CVE-2019-5754). d) Inappropriate implementation in V8 – […]


TTCSIRT-198.020419: TT-CSIRT Advisory – FireFox Security Updates

Mozilla has released a security update stating that the following issues have been discovered in Mozilla Firefox version 65.0: a) A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations – (CVE-2018-18504). b) A use-after-free vulnerability can occur while parsing […]


TTCSIRT-197.012319: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities were patched in iCloud, Safari, watchOS, tvOS, Mojave, High Sierra, Sierra, and iOS: a) A buffer overflow issue was addressed with improved memory handling – (CVE-2019-6224). b) A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation – (CVE-2019-6228). […]


TTCSIRT-196.012319: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that a remote code execution vulnerability exists in PHP’s built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This issue is […]


TTCSIRT-195.011119: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in the following versions of PHP: Version 5.6.40 Bug #77242 (heap out of bounds read in xmlrpc_decode()). Bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). Bug #77269 (efree() on uninitialized Heap data in imagescale leads to Bug #77270 (imagecolormatch Out Of Bounds […]


TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System: a) An elevation of privilege vulnerability in Framework – (CVE-2018-9582). b) A remote code execution vulnerability in System – (CVE-2018-9583). c) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9584). d) Multiple information disclosure vulnerabilities in […]
