Page 21 of 31 FirstFirst ... 11171819202122232425 ... LastLast
Results 201 to 210 of 306

Thread: Alerts

  1. #201
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 38.4 released

    FYI...

    Thunderbird 38.4 released

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Nov 23, 2015

    Fixed in Thunderbird 38.4
    - https://www.mozilla.org/en-US/securi...hunderbird38.4
    2015-133 NSS and NSPR memory corruption issues
    2015-132 Mixed content WebSocket policy bypass through workers
    2015-131 Vulnerabilities found through code inspection
    2015-128 Memory corruption in libjar through zip files
    2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
    2015-123 Buffer overflow during image interactions in canvas
    2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
    2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

    - https://www.mozilla.org/en-US/thunderbird/releases/

    Download:
    - https://www.mozilla.org/en-US/thunderbird/all/
    ___

    - http://www.securitytracker.com/id/1034260
    CVE Reference: CVE-2015-4513, CVE-2015-7189, CVE-2015-7193, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
    Nov 26 2015
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Thunderbird version 38.4.0 ...

    Last edited by AplusWebMaster; 2015-12-16 at 22:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #202
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple updates - Dec 8, 2015

    FYI...

    > https://support.apple.com/en-us/HT201222

    iOS 9.2
    - https://support.apple.com/en-us/HT205635
    Dec 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
    - http://www.securitytracker.com/id/1034348
    CVE Reference: CVE-2015-7037, CVE-2015-7051, CVE-2015-7055, CVE-2015-7069, CVE-2015-7070, CVE-2015-7072, CVE-2015-7079, CVE-2015-7080, CVE-2015-7093, CVE-2015-7113
    Dec 9 2015
    Impact: Disclosure of system information, Disclosure of user information, Modification of system information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 9.2 ...

    Safari 9.0.2
    - https://support.apple.com/en-us/HT205639
    Dec 8, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 ..."
    - http://www.securitytracker.com/id/1034341
    CVE Reference: CVE-2015-7048, CVE-2015-7050, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
    Dec 9 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 9.0.2 ...

    OS X El Capitan 10.11.2 and Security Update 2015-008
    - https://support.apple.com/en-us/HT205637
    Dec 8, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1
    Impact: Multiple vulnerabilities in PHP
    Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30..."
    - http://www.securitytracker.com/id/1034344
    CVE Reference: CVE-2012-1147, CVE-2012-1148, CVE-2015-5333, CVE-2015-5334, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7067, CVE-2015-7068, CVE-2015-7071, CVE-2015-7073, CVE-2015-7074, CVE-2015-7075, CVE-2015-7076, CVE-2015-7077, CVE-2015-7078, CVE-2015-7081, CVE-2015-7083, CVE-2015-7084, CVE-2015-7094, CVE-2015-7105, CVE-2015-7106, CVE-2015-7107, CVE-2015-7108, CVE-2015-7109, CVE-2015-7110, CVE-2015-7111, CVE-2015-7112
    Dec 9 2015
    Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes ...
    Solution: The vendor has issued a fix.

    Xcode 7.2
    - https://support.apple.com/en-us/HT205642
    Dec 8, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
    - http://www.securitytracker.com/id/1034340
    CVE Reference: CVE-2015-7049, CVE-2015-7056, CVE-2015-7057, CVE-2015-7082
    Dec 9 2015
    Impact: Execution of arbitrary code via local system, User access via local system
    Fix Available: Yes Vendor Confirmed: Yes ...
    Solution: The vendor has issued a fix (7.2).

    tvOS 9.1
    - https://support.apple.com/en-us/HT205640
    Dec 8, 2015 - "Available for: Apple TV (4th generation)..."

    watchOS 2.1
    - https://support.apple.com/en-us/HT205641
    Dec 8, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Dec 08, 2015

    Last edited by AplusWebMaster; 2015-12-09 at 14:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #203
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy WordPress 4.4 update breaks itself

    FYI...

    WordPress 4.4 update breaks itself with SSL certificate problem...
    - http://myonlinesecurity.co.uk/wordpr...r-certificate/
    Dec 9, 2015 - "WordPress4.4 has just been released and it is highly recommended to update. BUT it is -broken- on many servers. The update will go OK -but- it will also update the SSL certificate bundle that WordPress uses to update itself, the themes and plugins. The certificate bundle appears to be damaged-or-incorrect and stops any WP updates. You will get a message saying http_request_failed: “SSL certificate problem: unable to get local issuer certificate” whenever you try to do anything involving WordPress updates, updating or installing themes or plugins or using Jetpack features like stats or sharing etc. The error screen will look something like this. It doesn’t matter what plugin or theme you try to update. the error message will be similar:
    >> http://myonlinesecurity.co.uk/wp-con...date-error.png
    ... found this post on WordPress support that does fix the problem. All my WP sites gave me the SSL warning until I used the certificate bundle from that post:
    - https://wordpress.org/support/topic/...error14090086s
    ... until WordPress fixes/updates themselves, you should manually do this yourself...
    WordPress could send out a hotfix of some sort now to make this update... - Derek"
    ___

    WordPress hosting service WP Engine has been hacked
    - http://www.theinquirer.net/inquirer/...as-been-hacked
    Dec 10 2015

    - https://wpengine.com/support/infosec/
    Security Update: "Update 12/13/2015 1:00pm Central: WP Engine continues to work around the clock and as part of the ongoing investigation, our security team has begun to work with an additional security consultant in addition to our third-party cyber security firm in order to objectively accelerate the investigation. We will continue to post updates here as they become available..."

    Last edited by AplusWebMaster; 2015-12-14 at 21:36.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #204
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adblock Plus 2.7 for Firefox released

    FYI...

    Adblock Plus 2.7 for Firefox released
    - https://adblockplus.org/releases/adb...refox-released
    2015-12-15 - "... In order to support multiple processes properly we had to implement massive changes to the core functionality of Adblock Plus. These changes should have almost no visible effect other than improved performance however.
    Visible changes:
    - If pop-ups are blocked after the redirect, the pop-up window will actually be closed and not merely prevented from loading (issue 443).
    - The diagnostic page under chrome://adblockplus/content/errors.html has been removed, it was of very limited use (issue 3357).
    Known issues:
    - Element hiding functionality isn’t working on Mac OS X when multi-process mode is enabled (bug 1187099). Given the lack of progress on Mozilla’s side, we will have to come up with some work-around later on.
    - Issue reporter doesn’t create screenshots when multi-process mode is enabled (issue 3375). To be addressed in the next release.
    - “Unsafe CPOW usage” warnings will still show up in Error Console sometimes when multi-process mode is enabled, most prominently when using the list of blockable items (issue 3407). To be addressed in the next release.
    - Selection in the list of blockable items isn’t remembered reliably when multi-process mode is enabled (issue 3259). To be addressed in the next release."

    Last edited by AplusWebMaster; 2015-12-18 at 15:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #205
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 38.5 released

    FYI...

    Thunderbird 38.5 released

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Dec 23, 2015

    Fixed in Thunderbird 38.5
    - https://www.mozilla.org/en-US/securi...hunderbird38.5
    2015-149 Cross-site reading attack through data and view-source URIs
    2015-146 Integer overflow in MP4 playback in 64-bit versions
    2015-145 Underflow through code inspection
    2015-139 Integer overflow allocating extremely large textures
    2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

    - https://www.mozilla.org/en-US/thunderbird/releases/

    Download:
    - https://www.mozilla.org/en-US/thunderbird/all/
    ___

    Version 38.5.1
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Jan 7, 2016

    What’s New:
    Changed: Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
    Known Issues:
    unresolved: Windows XP SP2 will no longer install Thunderbird (workaround: Install Thunderbird 38.5.0 then update)

    Last edited by AplusWebMaster; 2016-01-11 at 17:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #206
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress 4.4.1 released

    FYI...

    WordPress 4.4.1 Security and Maintenance Release
    - https://wordpress.org/news/2016/01/w...nance-release/
    Jan 6, 2016 - "WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised... There were also several non-security bug fixes..."

    - https://wordpress.org/download/

    > https://www.us-cert.gov/ncas/current...ecurity-Update
    Jan 6, 2016
    ___

    - http://www.securitytracker.com/id/1034622
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-1564
    Jan 8 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 4.4.1 ...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (4.4.1)...

    Last edited by AplusWebMaster; 2016-01-14 at 19:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #207
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation QuickTime 7.7.9 released

    FYI...

    QuickTime 7.7.9 released
    - https://support.apple.com/en-us/HT205638
    Jan 7, 2016

    Download:
    - https://www.apple.com/quicktime/download/
    ... for Windows Vista or Windows 7
    ___

    - http://www.securitytracker.com/id/1034610
    CVE Reference: CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117
    Jan 8 2016
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 7.7.9 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (7.7.9)...
    ___

    ... fails to install plug-in on Firefox - unless this procedure is followed:

    1. Download QT 7.7.9 from:
    > https://www.apple.com/quicktime/download/
    ... save download where you want.
    2. Dble-click the .exe file.
    3. Choose "Custom" install.
    4. See "Optional Quicktime Features" and choose "QuickTime Web Plugin" (eliminate the red-x).
    5. Choose "Next" and the upgrade/install should complete OK. If you don't do this in the recommended sequence, it will -fail- to install the plug-in for Firefox - likely other browsers, too.

    Last edited by AplusWebMaster; 2016-01-20 at 19:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #208
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adblock Plus 2.7.1 for Firefox released

    FYI...

    Adblock Plus 2.7.1 for Firefox released
    - https://adblockplus.org/releases/adb...refox-released
    2016-01-19
    "With this release Adblock Plus becomes fully compatible with the upcoming multi-process mode in Firefox, it no longer relies on backwards compatibility hacks in Firefox (issue 3259, issue 3407, issue 3449, issue 3465, issue 3486, issue 3494). This also means that the screenshot functionality in Issue Reporter is fully functional now (issue 3375), and also quite fast (issue 3504).
    - Additional changes:
    Improved performance: patterns.ini was being saved way more often than necessary (issue 3473).
    $ping filter option is back and will especially apply to requests sent via navigator.sendBeacon() (issue 3452).
    Requests produced by <img srcset> and <picture> will be assigned type image (issue 3459).
    Requests produced by the Fetch API will be assigned type xmlhttprequest (issue 3459).
    genericblock and generichide types will no longer show up in the filter assistant (issue 3478).
    Removed non-standard JavaScript syntax, which caused warnings in Firefox Aurora and Nightly builds (issue 1434, issue 3418, issue 3421, issue 3502, issue 3505).
    Fixed: Previously disabled and removed filter is still disabled when added back (issue 3451).
    - Regressions fixed:
    As the previous release changed Adblock Plus quite drastically, it inevitably introduced some issues. As far as we know, all of these have been resolved:
    Pop-up blocking doesn’t catch redirects to a different domain (issue 3458).
    Issue Reporter gets stuck if filter subscriptions need updating (issue 3461, issue 3464).
    Screenshot marker in Issue Reporter is no longer red (issue 3503).
    Fixed image preview in Blockable Items tooltip (issue 3491).
    - Known issues:
    Element hiding functionality isn’t working on Mac OS X when multi-process mode is enabled (bug 1187099). Mozilla is working on this..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #209
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple software updates

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 9.2.1 released
    - https://support.apple.com/en-us/HT205732
    Jan 14, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later.."
    - http://www.securitytracker.com/id/1034737
    CVE Reference: CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728, CVE-2016-1730
    Jan 20 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 9.2.1
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can read and write cookies on the target user's system.
    Solution: The vendor has issued a fix (9.2.1)...

    Safari 9.0.3 released
    - https://support.apple.com/en-us/HT205730
    Jan 15, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2..."

    OS X El Capitan 10.11.3 and Security Update 2016-001
    - https://support.apple.com/en-us/HT205731
    Jan 19, 2016
    - http://www.securitytracker.com/id/1034736
    CVE Reference: CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
    Jan 20 2016
    Impact: A local user can obtain kernel-level or root privileges on the target system.
    Solution: The vendor has issued a fix (10.11.3; Security Update 2016-001).
    ___

    - https://www.us-cert.gov/ncas/current...tan-and-Safari
    Jan 19, 2016

    Last edited by AplusWebMaster; 2016-01-20 at 13:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #210
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress 4.4.2 released

    FYI...

    WordPress 4.4.2 - Security and Maintenance Release
    - https://wordpress.org/news/
    Feb 2, 2016 - "WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible XSS for certain local URIs... and an open redirection attack...
    In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes..."

    Release notes
    - https://codex.wordpress.org/Version_4.4.2

    List of changes
    - https://core.trac.wordpress.org/query?milestone=4.4.2

    Download
    - https://wordpress.org/download/

    - https://www.us-cert.gov/ncas/current...ecurity-Update
    Feb 02, 2016
    ___

    - http://www.securitytracker.com/id/1034933
    CVE Reference: CVE-2016-2221, CVE-2016-2222
    Feb 4 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 4.4.2 ...
    Impact: A remote user can take actions on the target system acting as the target authenticated user.
    A remote user can cause the target user's browser to be redirected to an arbitrary web site.
    Solution: The vendor has issued a fix (4.4.2)...

    Last edited by AplusWebMaster; 2016-02-05 at 14:14.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •