CDSA News

Weekend Vulnerability and Patch Report, June 8, 2014 (Citadel Information Group)

Important Security Updates

Adobe Shockwave Player: Adobe has released version 12.1.2.152 of Shockwave Player running on Windows and Macintosh. Updates are available through the program or from Adobe’s Shockwave Web Site.

Opera: Opera has released version 22.0.1471.50 to fix moderately critical unpatched vulnerabilities in previous versions. Updates are available from within the browser or from Opera’s Web site.

Current Software Versions

Adobe Flash 13.0.0.214 [Windows 7: IE]

Adobe Flash 13.0.0.214 [Windows 7: Firefox, Mozilla]

Adobe Flash 13.0.0.214 [Windows 8: IE]

Adobe Flash 13.0.0.214 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.07

Dropbox 2.8.3

Firefox 29.0.1

Google Chrome 35.0.1916.114

Internet Explorer 11.0.9600.17105

Java SE 7 Update 60

QuickTime 7.7.5

Safari 5.1.7

Safari 7.0.4 [Mac OS X]

Skype 6.16.0.105

For Your IT Department

McAfee Data Loss Prevention: Secunia reports that McAfee has released updates for its Data Loss Prevention to fix moderately critical vulnerabilities. Update to version 9.3.2 and apply hotfixes.

OpenSSL: US-CERT reports that OpenSSL has released updates in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.