CDSA News

Weekend Vulnerability and Patch Report, Oct. 12, 2014 (Citadel Information Group)

Important Security Updates

Dropbox: Dropbox has released version 2.10.39 for its file hosting program. Updates are available at Dropbox’s website.

Google Chrome: Google has released Google Chrome version 38.0.2125.101 for Windows, Mac, and Linux to fix at least 13 unpatched vulnerabilities, some of which are highly critical, reported in previous versions. Updates are available from within the browser or from Google Chrome’s website.

Google Chrome for Android: Google has released version 38.0.2125.102 of Google Chrome for Android to fix a vulnerability reported in previous versions. Updates are available through the device.

Google Chrome for iOS Facetime: Google has released version 38.0.2125.59 of Google Chrome for iOS Facetime to fix a moderately critical vulnerability reported in previous versions. Updates are available through the device.

KeePass: KeePass has released version 1.28 of its open source password manager. Updates are available from the KeePass website.

Skype: Skype has released Skype 6.21.0.104. Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash 15.0.0.167 [Windows 7: IE]

Adobe Flash 15.0.0.152 [Windows 7: Firefox, Mozilla]

Adobe Flash 15.0.0.167 [Windows 8: IE]

Adobe Flash 15.0.0.152 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.09

Dropbox 2.10.39

Firefox 32.0.3

Google Chrome 38.0.2125.101

Internet Explorer 11.0.9600.17280

Java SE 7 Update 67

QuickTime 7.7.5

Safari 5.1.7

Safari 7.1 [Mac OS X]

Skype 6.21.0.104

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates for WebEx, Adaptive Security Appliance (ASA), IOS XR, and others. Apply available updates.

McAfee Email and Web Security Appliance: Secunia reports at least 6 moderately critical unpatched vulnerabilities in McAfee’s Email and Web Security Appliance reported in version 5.6 patch 5. Other versions may also be affected. No official solution is currently available.

McAfee Multiple Products: Secunia reports McAfee has released updates for Email Gateway, Next Generation Firewall (NGFW), Web Gateway, and Firewall Enterprise Control Center to fix at least 6 highly critical vulnerabilities reported in previous versions. Update to a fixed version or apply hotfix.

McAfee SSL VPN: Secunia reports at least 6 highly critical vulnerabilities in McAfee’s SSL VPN (formerly Stonesoft SSL VPN) reported in version 1.5.204. Other versions may also be affected. No official solution is currently available.

VMware vSphere: Secunia reports VMware has released an update to vSphere to fix at least 6 moderately critical unpatched vulnerabilities reported in previous versions. Upgrade to version 2.0 and apply patch.