Forbidden Web

Apr 11, 2011 VideoLAN Issues Security Advisory
VideoLAN has issued a security advisory to alert users of a vulnerability affecting VLC Media Player versions 1.0.0 through 1.1.8. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review VideoLAN Security Advisory 1103 and implement the workarounds provided in the advisory until a fix is available from the vendor.

US-CERT will provide additional information as it becomes available.

Apr 08, 2011 ISC dhclient Vulnerability
The Internet Systems Consortium (ISC) has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine.

US-CERT encourages administrators of this product to review the ISC advisory. Users of ISC DHCP from the original source distribution should upgrade to ISC DHCP version 3.1-ESV-R1, 4.1-ESV-R2, or 4.2.1-P1. Users who obtain ISC DHCP from a third-party vendor, such as their operating system vendor, should check with their software vendor for updated versions.

Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#107886.

Apr 08, 2011 Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity rating of important and will be for Microsoft Windows, Office, Server Software, and Developer Tools and Software. Release of these bulletins is scheduled for Tuesday, April 12, 2011.

US-CERT will provide additional information as it becomes available.

Apr 06, 2011 WordPress Releases Version 3.1.1
WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the WordPress article for the release of WordPress 3.1.1 and apply any necessary updates to help mitigate the risks.

Apr 01, 2011 RealNetworks, Inc. Releases Update for Helix Server and Helix Mobile Server
RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, and Windows 2008 platforms. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages administrators to review the March 31, 2011 Security Update for Helix Server and Helix Mobile Server (PDF) and apply the necessary updates to mitigate the risks.

Mar 30, 2011 Cisco Releases Security Advisory for Secure Access Control System (ACS)
Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System (ACS). This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous password.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110330-acs and apply any necessary updates to help mitigate the risks.

Mar 25, 2011 VideoLAN Releases VLC Media Player 1.1.8
VideoLAN has released VLC Media Player 1.1.8 to address two vulnerabilities. These vulnerabilities are due to the improper handling of .AMV and .NSV files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the release notes for VLC Media Player 1.1.8 and apply any necessary updates to help mitigate the risks.

Mar 25, 2011 Google Releases Chrome 10.0.648.204
Google has released Chrome 10.0.648.204 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Mar 23, 2011 Fraudulent SSL Certificates
US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates.

Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information can be found in the Mozilla Security Blog.

Microsoft has released updates for various platforms in Microsoft Knowledge Base Article 2524375. Additional information can be found in Microsoft Security Advisory 2524375.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Mar 22, 2011 Apple Releases Security Updates
Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT4581 and apply any necessary updates to help mitigate the risks.