The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.
Many Linux distributions and other software which use GnuTLS are affected.
Updates available include:
- GnuTLS 2.12.x patch application
- GnuTLS 3.2.12 for the current stable branch
- GnuTLS 3.1.22 for the previous stable branch
Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.
Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and apply the update.
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution.
US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary updates.