Articles about patch


Juniper squeezes vulns that allow total p0wnage

Juniper admins using the company's NorthStar WAN SDN Controller Application, hop to it: the company's just dropped fixes to 28 security vulnerabilities. The bugs apply to version 2.1.0 Service Pack 1 and newer versions of the application. With such a crop available, here are the most severe bugs, some of them internal to the …

Dirty COW redux: Linux devs patch botched patch for 2016 mess

Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own. Dirty COW is a privilege escalation vulnerability in Linux's “copy-on-write” mechanism, first documented in October 2016 and affecting both Linux and Android systems. As The …

Samba needs two patches, unless you're happy for SMB servers to dance for evildoers

It’s time to patch Samba again - or turn off SAMBA 1, which is never as easy as it sounds. The lid came off the issue a couple of days ago, when the big Linux distributions (Red Hat, Ubuntu, Debian and so on) rolled out fixes for a use-after-free error affecting all versions of SAMBA since 4.0 (published in 2012). The bug …

Be my guest, be my guest, at a hypervisor hacking fest

The Xen Project has posted advisories and patches for seven bugs, most of which let guests run denial-of-service (DoS) attacks on hosts. CVE-2017-15592 means “A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a DoS affecting the entire host, or cause hypervisor memory corruption.” Privilege escalation …

Oracle Hospitality apps rolled out the Big Red carpet to crims

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has …

Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware. The flaw, CVE-2017-11292, was discovered by Kaspersky Labs, and affects all current versions of Flash for Windows, macOS, Linux and Chrome OS. A programming cockup in …
Iain Thomson, 16 Oct 2017

Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

Patch your Android, peeps, it has up to 14 nasty flaws to flog

Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege …
Iain Thomson, 3 Oct 2017

If at first you don't succeed, you're Microsoft trying to fix broken Excel 2016

Some Excel users have been struggling to add hyperlinks to spreadsheets, so Microsoft now has a patch for that – or rather a second one. On August 1, Microsoft released a patch to fix a problem with Office 2016 where users were being warned that their passwords were about to expire, even if they weren't. That update fixed the …
Iain Thomson, 24 Aug 2017

Leaky PostgreSQL passwords plugged

PostgreSQL has released three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. In CVE-2017-7547, a remote attacker can retrieve others' passwords because of a user mapping bug. The authorisation oopsie derives from the database's handling of pg_user_mappings, allowing an authenticated remote attacker …

Three Microsoft Outlook patches unpatched, users left to DIY

Microsoft has withdrawn at least three of the patches released at the end of June and early July, but left it to users to find out for themselves. The three patches – KB 4011042, KB 3191849 and KB 3213654 – fixed the same file-handling bugs in Outlook's 2010, 2013 and 2016 editions. Attachments containing “...” (ellipsis) or …

Yes, this is our third Cisco story of the day. It's about 23 bugs you need to fix, stat

We all know the only thing more fun than a WebEx conference is a recorded WebEx conference, which is why WebEx Network Recording Player exists – and if you use it, you need to patch it. Switchzilla's 23-patch Wednesday Whack-a-Mole includes fixes for multiple buffer overrun WebEx vulnerabilities. The WebEx vulns can be …

Dell to patch AMT-vulnerable systems

Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu. In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit. As readers should already know, Intel …

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

Oracle today emitted a huge batch of 299 security fixes for its software – including a patch for a vulnerability exploited by a leaked NSA tool that can hijack Solaris systems. Details of the massive April dump can be found here: Oracle describes the updates as "critical," and urges admins to install them "without delay." …
Iain Thomson, 19 Apr 2017

Don't worry, slowpoke Microsoft, we patched Windows bug for you, brags security biz

A computer security outfit claims to have plugged an information leak in Windows that was publicly revealed by Google before Microsoft had a patch ready. Could this third-party patching become a trend? Last month, Google's Project Zero team disclosed details of a trivial vulnerability in the Windows user-mode GDI library: the …
Iain Thomson, 7 Mar 2017

Got an OpenBSD Web server? Better patch it

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, …

Happy Monday, Juniper admins: Get patching

Juniper Networks pushed out patches for its Junos operating system over the weekend. The first, rated high severity, is CVE-2017-2302. It's a denial-of-service (DoS) bug in its routing protocol daemon. “On Junos OS devices where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, …

What's big and red and needs 270 security patches?

Oracle has revealed its quarterly Critical Patch Update Advisory for January 2017, which offers users a buffet of 270 fixes to apply. Big Red says that “due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.” Where to start? Perhaps with the sole problem …
Simon Sharwood, 18 Jan 2017


Biting the hand that feeds IT © 1998–2017