Articles about patch

Be my guest, be my guest, at a hypervisor hacking fest

The Xen Project has posted advisories and patches for seven bugs, most of which let guests run denial-of-service (DoS) attacks on hosts. CVE-2017-15592 means “A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a DoS affecting the entire host, or cause hypervisor memory corruption.” Privilege escalation …
Oracle Hospitality apps rolled out the Big Red carpet to crims

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has …

Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware. The flaw, CVE-2017-11292, was discovered by Kaspersky Labs, and affects all current versions of Flash for Windows, macOS, Linux and Chrome OS. A programming cockup in …
Iain Thomson, 16 Oct 2017
Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

Patch your Android, peeps, it has up to 14 nasty flaws to flog

Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege …
Iain Thomson, 3 Oct 2017
If at first you don't succeed, you're Microsoft trying to fix broken Excel 2016

Some Excel users have been struggling to add hyperlinks to spreadsheets, so Microsoft now has a patch for that – or rather a second one. On August 1, Microsoft released a patch to fix a problem with Office 2016 where users were being warned that their passwords were about to expire, even if they weren't. That update fixed the …
Iain Thomson, 24 Aug 2017

Leaky PostgreSQL passwords plugged

PostgreSQL has released three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. In CVE-2017-7547, a remote attacker can retrieve others' passwords because of a user mapping bug. The authorisation oopsie derives from the database's handling of pg_user_mappings, allowing an authenticated remote attacker …
Three Microsoft Outlook patches unpatched, users left to DIY

Microsoft has withdrawn at least three of the patches released at the end of June and early July, but left it to users to find out for themselves. The three patches – KB 4011042, KB 3191849 and KB 3213654 – fixed the same file-handling bugs in Outlook's 2010, 2013 and 2016 editions. Attachments containing “...” (ellipsis) or …
Yes, this is our third Cisco story of the day. It's about 23 bugs you need to fix, stat

We all know the only thing more fun than a WebEx conference is a recorded WebEx conference, which is why WebEx Network Recording Player exists – and if you use it, you need to patch it. Switchzilla's 23-patch Wednesday Whack-a-Mole includes fixes for multiple buffer overrun WebEx vulnerabilities. The WebEx vulns can be …

Dell to patch AMT-vulnerable systems

Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu. In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit. As readers should already know, Intel …
Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

Oracle today emitted a huge batch of 299 security fixes for its software – including a patch for a vulnerability exploited by a leaked NSA tool that can hijack Solaris systems. Details of the massive April dump can be found here: Oracle describes the updates as "critical," and urges admins to install them "without delay." …
Iain Thomson, 19 Apr 2017
Don't worry, slowpoke Microsoft, we patched Windows bug for you, brags security biz

Video A computer security outfit claims to have plugged an information leak in Windows that was publicly revealed by Google before Microsoft had a patch ready. Could this third-party patching become a trend? Last month, Google's Project Zero team disclosed details of a trivial vulnerability in the Windows user-mode GDI library: the …
Iain Thomson, 7 Mar 2017
Got an OpenBSD Web server? Better patch it

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, …
Happy Monday, Juniper admins: Get patching

Juniper Networks pushed out patches for its Junos operating system over the weekend. The first, rated high severity, is CVE-2017-2302. It's a denial-of-service (DoS) bug in its routing protocol daemon. “On Junos OS devices where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, …
What's big and red and needs 270 security patches?

Oracle has revealed its quarterly Critical Patch Update Advisory for January 2017, which offers users a buffet of 270 fixes to apply. Big Red says that “due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.” Where to start? Perhaps with the sole problem …
Simon Sharwood, 18 Jan 2017
ISC squishes BIND packet-of-death bugs

BIND administrators, get patching: there are three irritating flaws you need to splat. The denial-of-service vulnerabilities in question are CVE-2016-9131, CVE-2016-9147, and CVE-2016-9444. Common to all three is that they're exploitable denial-of-service bugs that predominantly affect BIND-based DNS servers running in …

Docker swings door shut on privilege escalation bug

Docker has patched what it calls a “minor” container escape. CVE-2016-9962 was a bug in runc – an insecure file descriptor opening that cleared the way to local privilege escalation. In other words, the contents of one container could be exposed to another, running under the same Docker instance. From its Full Disclosure post …

VNC server library gets security fix

An important fix for libvncserver has landed in Debian and on the library's GitHub page. Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers. As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming …

Biting the hand that feeds IT © 1998–2017