The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.

Samba Remote Code Execution Vulnerability

Linux- and Unix-based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

US-CERT recommends that users and administrators of affected systems refer to their respective Linux OS vendor(s) for an appropriate patch. Patches are currently available from Debian, Red Hat, SUSE, and Ubuntu. A Samba patch is available for experienced users and administrators to implement.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on an affected system.

Updates available include:

  • Firefox 36
  • Firefox ESR 31.5
  • Thunderbird 31.5

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.

Lenovo Computers Vulnerable to HTTPS Spoofing

Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability caused by a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.

US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details.
