Category: SANS Internet Storm Center

Adobe Flash Update Available for CVE-2015-0311 & -0312, (Wed, Jan 28th) 0

Adobe Flash Update Available for CVE-2015-0311 & -0312, (Wed, Jan 28th)

Adobe has released an update to the Flash vulnerability CVE-2015-0311 discussed earlier this week here on the ISC . The update released from Adobe addresses Flash vulnerabilities documented in CVE-2015-0311 CVE-2015-0312, which now has exploits being seen in the wild. Given that we are seeing exploits in the wild, the criticality of this exploit should be re-evaluated for prioritization and implementation.

New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th) 0

New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th)

Qualys discovered a criticalbuffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that will execute arbitrary code via the Exim”> glibcbefore version 2.18 (released August ) is vulnerable. You can quickly check your glibc version by using ldd –version”> These glibc”> What should you do: Apply this update as soon as you see patched offered by your Linux/Unix distribution