The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system.
US-CERT encourages users and administrators to review the Google Chrome release blog entry and apply the update.
Google has released Google Chrome 33.0.1750.149 for all Chrome OS devices to address multiple bug fixes, security updates, and feature enhancements.
Users and administrators are encouraged to review the Google Chrome release blog entry for additional details.
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.
Many Linux distributions and other software which use GnuTLS are affected.
Updates available include:
- GnuTLS 2.12.x patch application
- GnuTLS 3.2.12 for the current stable branch
- GnuTLS 3.1.22 for the previous stable branch
Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.