Posts

OS X Server v2.2.2 Security Update

Apple has released updates to OS X Server. Some of the updates for the applications listed below fix issues that may lead to arbitrary code execution, so it is important to update as soon as possible through Software Update.
ClamAV
PostgreSQL
Wiki Server

More information: http://support.apple.com/kb/HT5892

WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release

According to the announcement post, this maintenance release addresses 13 bugs in version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

More information: http://codex.wordpress.org/Version_3.6.1

Oracle Patch Update April 2013

Oracle has released patch information for its April 2013 updates. This Critical Patch Update contains 128 security patches, many of them rated critical and many of them for Java. Because of this, we advise users to update their applications as soon as possible.

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Application Express, versions prior to 4.2.1
Oracle Containers for J2EE, version 10.1.3.5
Oracle COREid Access, version 10.1.4.3
Oracle GoldenGate Veridata, version 3.0.0.11
Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0
Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0
Oracle WebCenter Capture, version 10.1.3.5.1
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0
Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0
Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1
Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
Oracle Web Services Manager, version 11.1.1.6
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2
Oracle Transportation Management, versions 5.5.05, 6.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
Oracle and Sun Systems Product Suite
Oracle Sun Middleware Products
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle Automatic Service Request, versions prior to 4.3.2

More information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Security updates available for Adobe Flash Player, ColdFusion and Shockwave Player

Adobe has announced security updates for its Flash Player, ColdFusion and Shockwave Player product families. Users are advised to update as soon as they can to reduce the risk of exploitation.

More information: http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html