Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech - Register now for FREE

Get answers from experts today. (it's 100% free). Spyware, Virus, Trojan, Rootkit? Remove malware > Virus Removal Forum. Learn how it works.

Create an Account Login to Account


Photo

Adobe updates/advisories


  • Please log in to reply
156 replies to this topic

#151 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 16 June 2015 - 07:43 PM

YI...

Adobe Photoshop CC updated
- https://helpx.adobe..../apsb15-12.html
June 16, 2015
CVE number: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Affected software versions
Adobe Photoshop CC 2014 (15.2.2) (2014.2.2) and earlier versions for Windows and Macintosh
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu, and clicking "Updates".  For more information, please reference this help page*:
* https://helpx.adobe....15-updates.html
Product             Updated version     Platform     Priority rating
Adobe Photoshop CC 2015     16.0 (2015.0.0)     Windows and Macintosh     3
These updates address a critical vulnerability in the software..."

- http://www.securityt....com/id/1032659
CVE Reference: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: The vendor has issued a fix (16.0 (2015.0.0)).
___

Adobe Bridge CC updated
- https://helpx.adobe..../apsb15-13.html
June 16, 2015
CVE number: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Adobe Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system...
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu and clicking "Updates".  For more information, please reference the following help page*:
* https://helpx.adobe....15-updates.html
Creative Cloud desktop app displays an Update All button or Update buttons next to installed apps. Clicking Update or Update All installs the latest versions of apps on your computer..."
Product     Updated version     Platform     Priority rating
Adobe Bridge CC     6.1.1     Windows and Macintosh     3
These updates address a critical vulnerability in the software.

- http://www.securityt....com/id/1032658
CVE Reference: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...  
Solution: The vendor has issued a fix (6.1.1).
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 19 June 2015 - 03:49 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#152 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 23 June 2015 - 02:53 PM

FYI...

Flash 18.0.0.194 released
- https://helpx.adobe..../apsb15-14.html
June 23, 2015
CVE number: https://web.nvd.nist...d=CVE-2015-3113 / 10.0 (HIGH)
Last revised: 06/24/2015 - "... as exploited in the wild in June 2015."
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.468.
- Adobe Flash Player installed with Google Chrome and Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.194...

For IEv9:
- https://download.mac...18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_18_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/
___

- https://community.qu...for-adobe-flash
Jun 23, 2015 - "Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye* had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believe it was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by introducing new techniques in their use of ROP. Patch as quickly as possible. 0-days once discovered this way tend to spread quickly to other cyber criminal groups. Adobe mentions that all known targets seem to use Windows 7 and Internet Explorer and Firefox on Windows XP... Users of IE10/11 and Google Chrome will get their patches through their browsers directly, everybody else will need to download directly from Adobe."
* https://www.fireeye....h-zero-day.html
June 23, 2015

- http://www.securityt....com/id/1032696
CVE Reference: https://web.nvd.nist...d=CVE-2015-3113
Jun 23 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 18.0.0.161 and prior...
FireEye reported this vulnerability.
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (18.0.0.194; ESR 13.0.0.296; 11.2.202.468 for Linux)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 29 June 2015 - 05:41 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#153 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 July 2015 - 12:48 PM

FYI...

Flash Player Security Advisory
- https://helpx.adobe..../apsa15-03.html
July 7, 2015
CVE number: CVE-2015-5119
Platform: Windows, Macintosh and Linux
Summary: A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.
Affected software versions:
- Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux..."
___

Flash 0-day - Use-After-Free Vuln
- https://www.us-cert....e-Vulnerability
July 07, 2015
___

- http://arstechnica.c...-into-the-wild/
Jul 7, 2015 - "... Until a fix is installed, readers should consider -disabling- Flash, particularly when browsing websites they are unfamiliar with..."

Flash 0-Day Integrated Into Exploit Kits
- http://blog.trendmic...o-exploit-kits/
July 7, 2015 - "... one of the payloads being spread in this manner as CryptoWall 3.0, particularly by the Angler exploit kit..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 July 2015 - 08:12 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#154 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 July 2015 - 08:56 AM

FYI...

Flash 18.0.0.203 released
- https://helpx.adobe..../apsb15-16.html
July 8, 2015
CVE number: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.203 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.302 by visiting:

> http://helpx.adobe.c...r-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.481 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.203 on Windows and Macintosh, and Flash Player 18.0.0.204 on Linux.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.203...

For IEv9 and below:
- https://download.mac...18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_18_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/

AIR: http://get.adobe.com/air/

- https://web.nvd.nist...d=CVE-2015-5119
Last revised: 07/10/2015 - "... as exploited in the wild in July 2015."

10.0 (HIGH)

___

- http://www.securityt....com/id/1032809
CVE Reference: CVE-2015-5119
Jul 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).

- http://www.securityt....com/id/1032810
CVE Reference: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118
Jul 8 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 July 2015 - 08:35 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#155 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 14 July 2015 - 08:38 AM

FYI...

Flash 18.0.0.209 released
- https://helpx.adobe..../apsb15-18.html
July 14, 2015
CVE number: CVE-2015-5122, CVE-2015-5123  
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.209 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.305 by visiting http://helpx.adobe.c...r-versions.html
- Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates.  
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.209 on Windows, Macintosh and Linux.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.209...

For IEv9 and below:
- https://download.mac...18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_18_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/

AIR: http://get.adobe.com/air/

> http://googleproject...gations_16.html
July 16, 2015

> http://blog.trendmic...in-the-browser/
July 30, 2015

- http://www.securityt....com/id/1032890
CVE Reference: CVE-2015-5122, CVE-2015-5123
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (18.0.0.209, ESR 13.0.0.305 Windows/Mac).  

Adobe Product Security Incident Response Team (PSIRT)
- https://blogs.adobe.com/psirt/?p=1247
UPDATE July 16: "Updated APSB15-18* to include versions of Flash Player for Linux as well as the Extended Support Release that address the vulnerabilities referenced in APSB15-18."
* https://helpx.adobe..../apsb15-18.html
Last updated: July 16, 2015
CVE number: CVE-2015-5122, CVE-2015-5123
Flash Player ESR   - 13.0.0.309
Flash Player Linux - 11.2.202.491     
___

Shockwave 12.1.9.159 released
- https://helpx.adobe..../apsb15-17.html
July 14, 2015
CVE number: CVE-2015-5120, CVE-2015-5121
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Adobe recommends users of Adobe Shockwave Player 12.1.8.158 and earlier versions for Windows and Macintosh update to Adobe Shockwave Player 12.1.9.159 by visiting the Adobe Shockwave Player Download Center*.
* https://get.adobe.com/shockwave/

- http://www.securityt....com/id/1032891
CVE Reference: CVE-2015-5120, CVE-2015-5121
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1.8.158 and prior...
Solution: The vendor has issued a fix (12.1.9.159).
___

Adobe Acrobat/Reader 11.0.12/10.1.15 released
- https://helpx.adobe..../apsb15-15.html
July 14, 2015
CVE numbers:  CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Platforms: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions via one of the following methods:  
- Users can update their product installations manually by choosing Help > Check for Updates.  
- The products will update automatically, without requiring user intervention, when updates are detected.  
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> https://get.adobe.com/reader/

Acrobat Updates/Programs: https://www.adobe.co...latform=Windows

Reader Updates/Programs: https://www.adobe.co...latform=Windows

- http://www.securityt....com/id/1032892
CVE Reference: CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Jul 14 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.1.14 and prior; 11.0.11 and prior...
Solution: The vendor has issued a fix (10.1.15, 11.0.12, DC 2015.008.20082).
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 03 August 2015 - 06:58 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#156 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 11 August 2015 - 10:50 AM

FYI...

Flash 18.0.0.232 released
- https://helpx.adobe..../apsb15-19.html
Aug 11, 2015
APSB15-19
CVE number: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe... recommends users update their installation to the newest version:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.232 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release [2] update to version 18.0.0.232 by visiting:

- http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.508 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.232 on Windows and Macintosh, and version 18.0.0.233 for Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 18.0.0.199 ...

2] https://blogs.adobe....-release-2.html

For IEv9 and below:
- https://download.mac...18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_18_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/

AIR: http://get.adobe.com/air/

Aug 12, 2015: Added a reference to CVE-2015-5565, a use-after-free issue similar to CVE-2015-3107. A fix for CVE-2015-3107 was introduced in APSB15-11, and has been strengthened in APSB15-19. Also, removed CVE-2015-5128, which was previously assessed to be a Type Confusion issue and has been re-classified as a non-exploitable crash due to a null pointer exception.
___

- http://www.securityt....com/id/1033235
CVE Reference: CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Aug 11 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 18.0.0.209 and prior...
Solution: The vendor has issued a fix (18.0.0.232, 11.2.202.508 for Linux)...
 

:ph34r:


Edited by AplusWebMaster, 17 August 2015 - 01:19 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#157 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 9,030 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted Yesterday, 02:45 PM

FYI...

Hotfix available for ColdFusion
- https://helpx.adobe..../apsb15-21.html
Aug 27, 2015
CVE numbers: CVE-2015-3269
Platforms: All
Summary: Adobe has released a security hotfix for ColdFusion versions 11 and 10. This hotfix includes an updated version of BlazeDS, which addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided in the "Solution" section below...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.c...1-update-6.html
ColdFusion 10: http://helpx.adobe.c...-update-17.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide...
Vulnerability Details: This hotfix resolves an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure (CVE-2015-3269)...
 

:ph34r: :ph34r:


This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users