Important updates, 2012 week 18

=> OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug. 24/04/2012. «The OpenSSL developers have had to re-release the fix for a serious vulnerability in the software’s ASN.1 implementation that could allow an attacker to cause a denial of service or potentially run arbitrary code on a remote machine. The updated fix only applies to version 0.9.8v; all of the other previously affected versions are already protected with the existing patc (…).»
Source: threatpost.com/en_us/blogs/openssl-releases-new-fix-cve-2012-2110-asn1-bug-042412
Related posts:
19/04/2012. OpenSSL Security Advisory – ASN1 BIO vulnerability (CVE-2012-2110): www.openssl.org/news/secadv_20120419.txt

=> Firefox 12 available for download. 24/04/2012. «Firefox 12 is available for download. This new version limits the intervention of Windows User Account Control when a new update is installed and fixes a performance problem affecting Mac OS X users (…).»
Source: www.numerama.com/magazine/22432-firefox-12-disponible-au-telechargement.html
Related posts:
23/04/2012. An update to site-identity in desktop Firefox: msujaws.wordpress.com/2012/04/23/an-update-to-site-identity-in-desktop-firefox/
24/04/2012. Security Advisories for Firefox: www.mozilla.org/security/known-vulnerabilities/firefox.html
25/04/2012. Firefox 12: silent updates, 85 new features, 1843 bug fixes: www.silicon.fr/firefox-12-mises-a-jour-silencieuses-85-nouveautes-1843-corrections-de-bogues-73982.html
26/04/2012. CERTA-2012-AVI-234: www.certa.ssi.gouv.fr/site/CERTA-2012-AVI-234/CERTA-2012-AVI-234.html
30/04/2012. No longer supported, Firefox 3.6 will be updated to version 12 in early May: www.pcinpact.com/news/70572-firefox-36-support-12-mise-a-jour.htm

=> WordPress 3.3.2 Addresses Setup XSS Vulnerabilities. 25/04/2012. «Last Friday, the WordPress team released version 3.3.2, which includes a number of security improvements. Some of these improvements addressed the cross-site scripting vulnerabilities identified in our January advisory. In reviewing the changes that contributed to this fix, we noticed that WordPress addressed the issue from more than one perspective and we will cover some of them in this post (…).»
Source: blog.spiderlabs.com/2012/04/wordpress-332-addresses-setup-xss-vulnerabilities.html
Related posts:
20/04/2012. WordPress 3.3.2 (and WordPress 3.4 Beta 3): wordpress.org/news/2012/04/wordpress-3-3-2
23/04/2012. New Version of WordPress Fixes Slew of Security Bugs: threatpost.com/en_us/blogs/new-version-wordpress-fixes-slew-security-bugs-042312

=> Java 7 Update 4 and Java 6 Update 32 have released. 27/04/2012. «Java SE 7u4 and 6u32 are now available. These releases include bug fixes and performance enhancements. 7u4 also includes the first Oracle JDK release for Mac OS X. JavaFX 2.1 is now bundled with the JDK on Windows and Mac (…).»
Source: blogs.oracle.com/javase/entry/java_7_update_4_and
Related posts:
27/04/2012. Correction to Java Update Story: krebsonsecurity.com/2012/04/critical-java-patch-plugs-88-security-holes
27/04/2012. Oracle Java SE Update: securitygarden.blogspot.fr/2012/04/oracle-java-se-critical-security-update.html

=> New Tor Browser Bundles. 28/04/2012. «The Tor Browser Bundles have all been updated to the latest Firefox 12.0 as well as a number of other software updates, bugfixes, and new features. We’ve rebranded Firefox so it should now be easier to distinguish between it and your normal Firefox. We’ve also added Korean and Vietnamese to the available languages (…).»
Source: blog.torproject.org/blog/new-tor-browser-bundles-16
Related posts:
02/05/2012. Tor Browser Bundle is updated and moves to Firefox 12: www.pcinpact.com/breve/70609-tor-browser-firefox-vidalia-openssl.htm
02/05/2012. Firefox security bug (proxy-bypass) in current TBBs: blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
03/05/2012. Tor Warns of Firefox Bug That Threatens User Privacy: threatpost.com/en_us/blogs/tor-warns-firefox-bug-threatens-user-privacy-050312
04/05/2012. Firefox bug that could compromise the Tor network: www.crazyws.fr/securite/bug-sur-firefox-qui-compromettrait-le-reseau-tor-RFI30.html

=> Microsoft Security Bulletin Advance Notification for May 2012. 03/05/2012. «This is an advance notification of security bulletins that Microsoft is intending to release on May 8, 2012. (…).» The next Windows update (scheduled for Tuesday).
Source: technet.microsoft.com/en-us/security/bulletin/ms12-may
Related posts:
03/05/2012. MS Patch Tuesday heads-up: 7 bulletins, 23 vulnerabilities: www.zdnet.com/blog/security/ms-patch-tuesday-heads-up-7-bulletins-23-vulnerabilities/11848
07/05/2012. Microsoft Patch Tuesday: 23 flaws and a Chinese leak: www.generation-nt.com/microsoft-securite-patch-tuesday-mai-fuite-exploit-mapp-actualite-1575881.html

=> Eindbazen PHP-CGI advisory (CVE-2012-1823). 03/05/2012. «PHP has been working on a patch for this for quite a while. We have been waiting to post this blog entry until a fix was released, but today the bug was posted to reddit because it was apparently accidentally marked public (…).»
Source: eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Related posts:
27/04/2012. PHP 5.4.1 and PHP 5.3.11 available: www.crazyws.fr/dev/php-et-php-11-disponibles-6Y6HI.html
03/05/2012. Security flaw in PHP 5.3 and 5.4: binsec.blogspot.fr/2012/05/faille-de-securite-sur-php-53-et-54.html
03/05/2012. Serious Remote PHP Bug Accidentally Disclosed: threatpost.com/en_us/blogs/serious-remote-php-bug-accidentally-disclosed-05031
03/05/2012. PHP 5.3.12 and PHP 5.4.2 Released: www.php.net/index.php#id2012-05-03-1
04/05/2012. Critical vulnerability in PHP via CGI: www.crazyws.fr/securite/vulnerabilite-critique-dans-php-via-cgi-TZLW1.html
04/05/2012. PHP Group Releases New Versions, But Patch Doesn’t Fix CVE-2012-1823 Bug: threatpost.com/en_us/blogs/php-group-releases-new-versions-fix-cve-2012-1863-flaw-050412
04/05/2012. A major security flaw for PHP 5.3 and 5.4: www.tux-planet.fr/une-importante-faille-de-securite-pour-php-5-3-et-5-4/

=> Security update available for Adobe Flash Player. 04/05/2012. «Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x (…).»
Source: www.adobe.com/support/security/bulletins/apsb12-09.html
Related posts:
04/05/2012. Critical Flash Update Fixes Zero-day Flaw: krebsonsecurity.com/2012/05/critical-flash-update-fixes-zero-day-flaw
04/05/2012. Adobe pushes patch for actively exploited Flash Player vulnerability: searchsecurity.techtarget.com/news/2240149759/Adobe-pushes-patch-for-actively-exploited-Flash-Player-vulnerability

=> Vulnerabilities in VMware products. 04/05/2012. «VMware has published a security advisory covering critical security flaws in various products such as Workstation, Player, Fusion, ESXi and ESX. 5 flaws are described in it (…).»
Source: www.crazyws.fr/securite/vulnerabilites-sur-les-produits-de-vmware-IL699.html
Related posts:
03/05/2012. VMSA-2012-0009: www.vmware.com/security/advisories/VMSA-2012-0009.html
