Tagged: us cert

VU#772447: ffmpeg and Libav cross-domain information disclosure vulnerability 0

VU#772447: ffmpeg and Libav cross-domain information disclosure vulnerability

Vulnerability Note VU#772447 ffmpeg and Libav cross-domain information disclosure vulnerability Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016 Overview ffmpeg is a “cross-platform solution to record, convert and stream audio and video”. ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files

Linux Kernel Vulnerability 0

Linux Kernel Vulnerability

Original release date: January 19, 2016 US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system

IRS Releases Ninth Security Tip 0

IRS Releases Ninth Security Tip

Original release date: January 19, 2016 The Internal Revenue Service (IRS) has released the ninth in a series of tips intended to help the public protect personal and financial data online and at home. This tip describes new procedures taken by the IRS, state governments, and the tax industry to provide a safer, more secure filing environment for taxpayers. Recommendations include new password standards, security questions, out-of-band email verification, and a lockout feature

OpenSSH Client Vulnerability 0

OpenSSH Client Vulnerability

Original release date: January 14, 2016 OpenSSH version 7.1p2 has been released to address vulnerabilities in versions 5.4 through 7.1p1. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the OpenSSH Release Notes and Vulnerability Note VU#456088 and apply the necessary update.

VU#456088: OpenSSH Client contains a client information leak vulnerability and buffer overflow 0

VU#456088: OpenSSH Client contains a client information leak vulnerability and buffer overflow

Vulnerability Note VU#456088 OpenSSH Client contains a client information leak vulnerability and buffer overflow Original Release date: 14 Jan 2016 | Last revised: 14 Jan 2016 Overview OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations.

Adobe Releases Security Updates for Acrobat and Reader 0

Adobe Releases Security Updates for Acrobat and Reader

Original release date: January 12, 2016 Adobe has released security updates to address multiple vulnerabilities in Acrobat and Reader. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-02 and apply the necessary updates

SB16-011: Vulnerability Summary for the Week of January 4, 2016 0

SB16-011: Vulnerability Summary for the Week of January 4, 2016

Original release date: January 11, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information.

SB16-011: Vulnerability Summary for the Week of January 4, 2015 0

SB16-011: Vulnerability Summary for the Week of January 4, 2015

Original release date: January 11, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).