
USN-4059-2: Squid vulnerabilities

2019-07-17 KENNETH 0

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM

Summary: Several security issues were fixed in Squid.

Software Description: squid3 – Web proxy cache server

Details: USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting [ more… ]


A proactive approach to more secure code

2019-07-17 KENNETH 0

What if we could eliminate an entire class of vulnerabilities before they ever happened?

Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and …

The next version of Microsoft Edge: Enterprise evaluation and roadmap

2019-07-17 KENNETH 0

This week at the Microsoft Inspire 2019 conference, we are sharing an update on capabilities that we are investing in to make the next version of Microsoft Edge the best browser for enterprises and business customers of all sizes.

The Dev Channel now has enterprise features enabled by default and is ready for evaluation and supported by detailed deployment and configuration documentation. We are also offering full support for deployment in pilot and production environments through our commercial support channels.

Dev channel builds, including offline installers and ADMX files, are available at https://www.microsoftedgeinsider.com/enterprise. We’re excited to hear from you about how these enterprise-focused features work in your environment and improve end user productivity.

Looking forward

In the rest of this post, we’ll share the updates we are covering at Inspire, [ more… ]


USN-4062-1: WavPack vulnerabilities

2019-07-17 KENNETH 0

wavpack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS

Summary: WavPack could be made to crash if it received a specially crafted WAV file.

Software Description: wavpack – audio codec (lossy and lossless) – encoder and decoder

Details: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libwavpack1 – 5.1.0-5ubuntu0.2, wavpack – 5.1.0-5ubuntu0.2

Ubuntu 18.04 LTS: libwavpack1 – 5.1.0-2ubuntu1.4, wavpack – 5.1.0-2ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319


USN-4060-2: NSS vulnerabilities

2019-07-17 KENNETH 0

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM, Ubuntu 12.04 ESM

Summary: Several security issues were fixed in NSS.

Software Description: nss – Network Security Service library

Details: USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions: The problem can be corrected by updating your system to the [ more… ]