CDSA News

Weekend Vulnerability and Patch Report, July 20, 2014 (Citadel Information Group)

Important Security Updates

AVG Free Edition: AVG has released version 2014.0.4744 of its 32-bit Free Edition. Updates are available on AVG’s website.

Dropbox: Dropbox has released version 2.10.2 for its file hosting program. Updates are available at Dropbox’s website. 

Google Chrome: Google has released Google Chrome 36.0.1985.125 for Windows, Mac, Linux, and Chrome Frame to fix at least 2 moderately critical unpatched vulnerabilities in previous versions. Updates are available from within the browser or from Google Chrome’s website.

Google Chrome for Android: Google has released version 36.0.1985.122 of Chrome for Android to fix at least 2 unpatched vulnerabilities in previous versions. Updates are available through the program or device.

Oracle Java: Oracle has released Java SE 7 Update 65 to fix at least 20 vulnerabilities, some of which are highly critical. The update is available through Windows Control Panel or Java’s website.

Current Software Versions

Adobe Flash 14.0.0.145 [Windows 7: IE]

Adobe Flash 14.0.0.145 [Windows 7: Firefox, Mozilla]

Adobe Flash 14.0.0.145 [Windows 8: IE]

Adobe Flash 14.0.0.145 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.07

Dropbox 2.10.2

Firefox 30

Google Chrome 36.0.1985.125

Internet Explorer 11.0.9600.17126

Java SE 7 Update 65

QuickTime 7.7.5

Safari 5.1.7

Safari 7.0.4 [Mac OS X]

Skype 6.18.0.105  

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released updates for its SPA300 / SPA500 Series, WebEx Meetings Server and Meeting Center, Adaptive Security Appliance (ASA), Unified Contact Center Express, Unified Communications Manager, Wireless Residential Gateway, Identity Services Engine (ISE), Unified Contact Center Enterprise, multiple Wireless Residential Gateway products, and others. Apply updates. Secunia reports several unpatched vulnerabilities in Cisco Unified Communications Domain Manager (CUCDM), Business Edition 3000 and others. No official solution is available.

Citrix NetScaler: Secunia reports that Citrix has released updates for its NetScaler and NetScaler Gateway to fix 2 vulnerabilities. Update to version 10.1-126.12.

Citrix XenDesktop: Secunia reports that Citrix has released updates for its XenDesktop to fix a vulnerability reported in the following products and versions: Citrix XenDesktop 5.6 Common Criteria, Citrix XenDesktop 5.6 x32, Citrix XenDesktop 5.6 x64, Citrix XenDesktop 7, Citrix XenDesktop 7.1, Citrix XenDesktop 7.5. Apply updates.

Citrix XenServer: Secunia reports that Citrix has released updates for its XenServer to fix 2 moderately critical vulnerabilities and a security issue. Apply updates.

Oracle Multiple Products: Both Secunia and US-CERT report that Oracle has released updates to fix more than 100 vulnerabilities, some of which are highly critical, for Oracle Linux for java-1.7.0-openjdk, Solaris, Hyperion Provider Services, Hyperion Common Admin, Hyperion Business Intelligence Plus, Hyperion Essbase, Siebel CRM, Communications Messaging Server, Secure Global Desktop, Agile Product Collaboration, E-Business Suite, BI Publisher, PeopleSoft Enterprise Supply Chain Management (SCM), Retail Returns Management, PeopleSoft Enterprise Financial Management Solutions (FMS), PeopleSoft PeopleTools, PeopleSoft Enterprise Learning Management, Glassfish Communications Server, Glassfish Server, Retail Back Office and Oracle Retail Central Office, JDeveloper, WebLogic Server, WebCenter Portal, iPlanet Web Server, iPlanet Web Proxy Server, Traffic Director, Hyperion Enterprise Performance Management Architect, Database, MySQL Server, Transportation Management, VM VirtualBox, JRockit, ISC BIND included in Solaris, and others. Apply updates.