Page 25 of 31 FirstFirst ... 15212223242526272829 ... LastLast
Results 241 to 250 of 306

Thread: Alerts

  1. #241
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation OpenSSL 1.0.1u, 1.0.2i, 1.1.0a released

    FYI...

    OpenSSL 1.0.1u, 1.0.2i, 1.1.0a released
    - https://www.openssl.org/news/secadv/20160922.txt
    22 Sep 2016 - "Severity: High ...
    OpenSSL 1.1.0 users should upgrade to 1.1.0a
    OpenSSL 1.0.2 users should upgrade to 1.0.2i
    OpenSSL 1.0.1 users should upgrade to 1.0.1u ..."

    - https://www.openssl.org/news/secadv/20160926.txt
    26 Sep 2016 - "Severity: Critical
    OpenSSL 1.1.0 users should upgrade to 1.1.0b ...
    OpenSSL 1.0.2i users should upgrade to 1.0.2j ..."

    > https://isc.sans.edu/diary.html?storyid=21509
    2016-09-22 - "OpenSSL released an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0).
    The update fixes -14- different vulnerabilities... With this update, the latest versions of OpenSSL for the various branches are 1.0.1u, 1.0.2i and 1.1.0a. All three branches are currently supported..."
    (See chart @ the isc URL above.)
    ___

    - http://www.securitytracker.com/id/1036878
    CVE Reference: CVE-2016-6304
    Sep 22 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 1.0.1, 1.0.2, 1.1.0...
    Impact: A remote authenticated user can consume excessive memory resources on the target system.
    Solution: The vendor has issued a fix (1.0.1u, 1.0.2i, 1.1.0a)...

    - http://www.securitytracker.com/id/1036879
    CVE Reference: CVE-2016-6305
    Sep 22 2016
    Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
    Version(s): 1.1.0...
    Impact: A remote authenticated user can cause the target service to hang.
    Solution: The vendor has issued a fix (1.1.0a)...

    - http://www.securitytracker.com/id/1036885
    CVE Reference: CVE-2016-6302, CVE-2016-6303, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052
    Updated: Sep 26 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can cause the target service or application to crash.
    Solution: The vendor has issued a fix (1.0.1u, 1.0.2i, 1.1.0a).
    [Editor's note: On September 26, 2016, the vendor reported that two of the fixed versions contain vulnerabilities. Version 1.1.0a is affected by a use-after-free memory error (CVE-2016-6309), reported by Robert Swiecki (Google Security Team). Version 1.0.2i is affected by a CRL processing null pointer exception (CVE-2016-7052), reported by Bruce Stephens and Thomas Jakobi. The revised fixes are versions 1.1.0b and 1.0.2j.]
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Last revised: Sep 26, 2016

    Last edited by AplusWebMaster; 2016-09-27 at 14:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #242
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 45.4.0 released

    FYI...

    Thunderbird 45.4.0 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Oct 3, 2016
    What’s New:
    Fixed:
    - Display name was truncated if no separating space before email address.
    - Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
    - Additional spaces were inserted when drafts were edited.
    - Mail saved as template copied In-Reply-To and References from original email.
    - Threading broken when editing message draft, due to loss of Message-ID
    - "Apply columns to..." did not honor special folders

    ... 12 bugs fixed.

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    - https://www.mozilla.org/en-US/thunderbird/releases/

    Download
    - https://www.mozilla.org/en-US/thunderbird/all/

    Add-ons
    - https://addons.mozilla.org/en-US/thunderbird/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #243
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple security updates - 2016.10.24

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 10.1
    - https://support.apple.com/en-us/HT207271
    Oct 24, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
    - http://www.securitytracker.com/id/1037088
    CVE Reference: CVE-2016-4664, CVE-2016-4665, CVE-2016-4680, CVE-2016-4686
    Oct 25 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: An application user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (10.1)...

    Safari 10.0.1
    - https://support.apple.com/en-us/HT207272
    Oct 24, 2016 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12..."
    - http://www.securitytracker.com/id/1037087
    CVE Reference: CVE-2016-4666, CVE-2016-4676, CVE-2016-4677
    Oct 25 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 10.0.1...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (10.0.1)...

    macOS Sierra 10.12.1
    - https://support.apple.com/en-us/HT207275
    Oct 24, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6..."
    - http://www.securitytracker.com/id/1037086
    CVE Reference: CVE-2016-4635, CVE-2016-4660, CVE-2016-4661, CVE-2016-4662, CVE-2016-4663, CVE-2016-4667, CVE-2016-4669, CVE-2016-4671, CVE-2016-4673, CVE-2016-4674, CVE-2016-4675, CVE-2016-4678, CVE-2016-4679, CVE-2016-4682, CVE-2016-7579
    Oct 25 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 10.12.1 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A local user can cause denial of service conditions on the target system.
    A remote user can modify files on the target system.
    A local user can obtain root privileges on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (10.12.1)...

    tvOS 10.0.1
    - https://support.apple.com/en-us/HT207270
    Oct 24, 2016 - "Available for: Apple TV (4th generation)..."

    watchOS 3.1
    - https://support.apple.com/en-us/HT207269
    Oct 24, 2016 - "Available for: All Apple Watch models..."

    Last edited by AplusWebMaster; 2016-10-25 at 12:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #244
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adblock Plus 2.8 for Firefox

    FYI...

    Adblock Plus 2.8 for Firefox released
    - https://adblockplus.org/releases/adb...refox-released
    2016-10-25
    Install Adblock Plus 2.8 for Firefox

    This release changes the way element hiding works in Firefox, so that noticeable delays from changing a single element hiding rule should be no more. Also, the behavior should be more consistent now and filters not applying on a particular website should no longer be able to cause unexpected side-effects. On the downside, changes to element hiding rules will only apply after a page is reloaded now (which is actually consistent with blocking rules).
    Additional changes:
    - There is a special $websocket type option now to block WebSocket requests, the type was previously considered to be other here (announcement*).
    * https://adblockplus.org/development-...for-websockets
    - Our toolbar icon will look better on high-resolution screens (issue 4142).
    - Removed feature selection from the first-run page until the features can be removed similarly easily (issue 4294).
    - Hits for CSS property filters which were introduced in the previous release are being counted now (issue 3969).
    - Fixed: CSS property filters applied even when Adblock Plus was disabled everywhere (issue 4201).
    - Fixed: A regression in pop-up blocking functionality caused websites to be mistakenly considered pop-ups under some circumstances (issue 4335).
    - Corrected handling of frames with srcdoc attribute.
    - Fixed and improved search functionality in Filter Preferences, was partially broken in Firefox nightly builds (issue 4510)...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #245
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adblock Plus 2.8.1 for Firefox released

    FYI...

    Adblock Plus 2.8.1 for Firefox released
    - https://adblockplus.org/releases/adb...refox-released
    2016-10-28 - "Our Adblock Plus 2.8 release introduced a -regression- that went unnoticed for months in the development builds. Users who activated the please_kill_startup_performance preference were experiencing data loss: filters didn’t load completely. Also, importing custom filters was failing for large files. Both issues have the same root cause (issue 4576) and have been resolved in Adblock Plus 2.8.1. If your data is still incomplete after updating to Adblock Plus 2.8.1 please click the “Backup and Restore” button in Filter Preferences — one of the automatically created backups is certain to be correct."


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #246
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple updates - 2016.10.27-31

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 10.1.1
    - https://support.apple.com/en-us/HT207287
    Oct 31, 2016 - "iOS 10.1.1 includes the security content of iOS 10.1*."

    iOS 10.1
    * https://support.apple.com/en-us/HT207271
    Oct 24, 2016

    > http://www.macrumors.com/2016/10/31/...es-ios-10-1-1/
    Oct 31, 2016 - "...Today's update fixes bugs including an issue where Health data could not be viewed for some users. iOS 10.1.1 can be downloaded as a free over-the-air update on all iPhone, iPad, and iPod touch models compatible with iOS 10...
    Update: Apple has subsequently stopped signing iOS 10.0.2 and iOS 10.0.3, meaning that users can no longer downgrade to those software versions."

    - http://appleinsider.com/articles/16/...-in-health-app
    Oct 31, 2016
    ___

    iTunes 12.5.2 for Windows
    - https://support.apple.com/en-us/HT207274
    Oct 27, 2016 - "Available for: Windows 7 and later..."
    - http://www.securitytracker.com/id/1037139
    CVE Reference: CVE-2016-4613, CVE-2016-7578
    Oct 28 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 12.5.2 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (12.5.2; for Windows)...
    ___

    iCloud for Windows 6.0.1
    - https://support.apple.com/en-us/HT207273
    Oct 27, 2016 - "Available for: Windows 7 and later..."
    ___

    Xcode 8.1
    - https://support.apple.com/en-us/HT207268
    Oct 27, 2016 - "Available for: OS X El Capitan v10.11.5 and later..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #247
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 45.5.0 released

    FYI...

    Thunderbird 45.5.0 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Nov 18, 2016
    What’s New:
    Changed: IMPORTANT: Changed recipient address entry: Arrow-keys now copy the pop-up value to the input field. Mouse-hovered pop-up value can no longer be confirmed with tab or enter key. This restores the behavior of Thunderbird 24.
    Changed: Support changes to character limit in Twitter
    Fixed:
    - Reply with selected text containing quote resulted in wrong quoting level indication
    - Mail address display at header pane displayed incorrectly if the address contains UTF-8 according to RFC 6532
    - Attempting to sort messages on the Date field whilst a quick filter is applied got stuck on sort descending
    - Email invitation might not be displayed when description contains non-ASCII characters

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    - https://www.mozilla.org/en-US/thunderbird/releases/

    Download
    - https://www.mozilla.org/en-US/thunderbird/all/

    Add-ons
    - https://addons.mozilla.org/en-US/thunderbird/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #248
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adblock Plus 2.8.2 for Firefox released

    FYI...

    Adblock Plus 2.8.2 for Firefox released
    - https://adblockplus.org/releases/adb...refox-released
    2016-11-22
    Install Adblock Plus 2.8.2 for Firefox
    ... This is a maintenance release, most importantly introducing some improvements to CSS property filters.
    Additional changes:
    - Made sure that element hiding rules don’t affect browser’s and extensions’ special pages, this regressed with Adblock Plus 2.8 (issue 4624, issue 4625).
    - Fixed blockable items list slowing down page loading (issue 4587).
    - Pop-ups using data: URLs and similar unusual schemes can be blocked now (issue 4368).
    - When selecting keyboard shortcuts, more shortcut keys already in use by the browser can be recognized. This will change the shortcut key to show Blockable items list from Ctrl/Cmd-Shift-V to Ctrl/Cmd-Shift-U for pretty much everybody (issue 4544).

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #249
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Network Time Protocol update

    FYI...

    Network Time Protocol update
    - https://www.us-cert.gov/ncas/current...ol-Daemon-ntpd
    Nov 21, 2016 - "The Network Time Foundation's NTP Project has released version ntp-4.2.8p9 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
    US-CERT encourages users and administrators to review Vulnerability Note VU#633847* and the NTP Security Notice Page** for vulnerability and mitigation details."
    * http://www.kb.cert.org/vuls/id/633847

    ** http://nwtime.org/ntp428p9_release/
    ___

    - http://www.securitytracker.com/id/1037354
    CVE Reference: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312
    Nov 29 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 4.2.8p9 ...
    Impact: A remote user can cause the target service to crash.
    A remote user can obtain potentially sensitive information from the target system.
    A remote user can conduct denial of service amplification attacks against other targets.
    Solution: The vendor has issued a fix (4.2.8p9)...
    Vendor URL: http://support.ntp.org/bin/view/Main...4_2_8p9_NTP_Se

    Last edited by AplusWebMaster; 2016-12-06 at 12:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #250
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 45.5.1 released

    FYI...

    Thunderbird 45.5.1 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Nov 30, 2016

    - https://www.mozilla.org/en-US/securi...nderbird45.5.1

    - https://www.mozilla.org/en-US/securi...s/mfsa2016-92/
    Fixed in:
    Thunderbird 45.5.1
    CVE-2016-9079: Use-after-free in SVG Animation
    Critical

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    - https://www.mozilla.org/en-US/thunderbird/releases/

    Download
    - https://www.mozilla.org/en-US/thunderbird/all/

    Add-ons
    - https://addons.mozilla.org/en-US/thunderbird/
    ___

    - http://www.securitytracker.com/id/1037371
    CVE Reference: CVE-2016-9079
    Dec 1 2016
    Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
    Version(s): prior to 45.5.1
    Impact: A remote user can create JavaScript content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: Mozilla.org has issued a fix for Mozilla Thunderbird (45.5.1)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Nov 30, 2016

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •