July 15, 2011 - Current Activity
This is an archived copy of current activity, if you would like to see the most recent version, please click here.
Oracle Releases Patch Update Pre-Release Announcement
added July 15, 2011 at 07:57 amOracle has issued a critical patch update pre-release announcement indicating that its July release will contain 78 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 19, 2011.
US-CERT will provide additional information as it becomes available.
RIM Releases Security Advisory for BlackBerry Enterprise Server
added July 15, 2011 at 07:57 amRIM has released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server. The vulnerability may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the BlackBerry security advisory KB27258 and apply any necessary updates to help mitigate the risks.
VideoLAN Releases VLC Media Player Security Advisories
added July 14, 2011 at 08:20 amVideoLAN has released Security Advisory 1105 and Security Advisory 1106 for VLC Media Player 1.1.10 and older to address two vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to do the following to help mitigate the risks:
- Do not open untrusted files or files of unknown origins.
- Update to VLC Media Player 1.1.11 when it becomes available.
- Review Security Advisory 1105 and Security Advisory 1106.
Mozilla Releases Firefox 5.0.1
added July 13, 2011 at 07:44 amThe Mozilla Foundation has released Firefox 5.0.1 to address an issue with Mac OS X 10.7 and Java for Mac OS X 10.6 Update 5. These issues could cause Firefox to crash.
US-CERT encourages users and administrators to review the Mozilla Foundation Firefox 5.0.1 Release Notes and apply any necessary updates to help mitigate the risks.
Microsoft Releases July Security Bulletin
added July 7, 2011 at 01:20 pm | updated July 12, 2011 at 01:35 pmMicrosoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for July 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Internet System Consortium releases BIND Patches
added July 5, 2011 at 02:11 pmThe Internet System Consortium has released updates for BIND to address multiple vulnerabilities. CVE-2011-2464 affects the following versions: 9.6.3; 9.6-ESV-R4 and later; 9.7.0 and later; 9.7.1 and later; 9.7.2 and later; 9.7.3 and later; 9.7.4b1; 9.8.0 and later; and 9.8.1b1. CVE-2011-2465 affects the following versions: 9.8.0 and later, and 9.8.1b1. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. Additional information regarding these vulnerabilities can be found in US-CERT Vulnerability Notes VU#142646 and VU#137968.
US-CERT encourages users and administrators to review CVE-2011-2464 and CVE-2011-2465 and apply the respective patches to help mitigate the risks. Since BIND is often packaged in larger third-party applications or operating system distributions, users and administrators should check with their software vendors for updated versions.
WordPress Releases Version 3.1.4
added June 30, 2011 at 11:39 amWordPress has released WordPress 3.1.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with elevated privileges.
US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.4 and apply any necessary updates to help mitigate the risks.
Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6
added June 29, 2011 at 08:24 amApple has released Java for Mac OS X 10.5 Update 10 and Java for Mac OS X 10.6 Update 5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Apple articles HT4739 and HT4738 and apply any necessary updates to help mitigate the risks.
Google Releases Chrome 12.0.742.112
added June 28, 2011 at 03:17 pm
Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Apple Releases Security Updates to Address Multiple Vulnerabilities
added June 24, 2011 at 08:04 amApple has released Mac OS X 10.6.8 and Security Update 2011-004 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, disclose sensitive information, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple Support Article HT4723 and apply any necessary updates to help mitigate the risks.