Chrome update contains Security fixes
On Thursday, July 16, Google Chrome 2.0.172.37 was released. It fixed what Google calls a Critical severity vulnerability (memory corruption in the browser process) and a High severity vulnerability (heap overflow with JavaScript regular expressions). Google reports that the vulnerabilities were identified by the "Google Chrome security team".
Stable, Beta update: Bug fixes
From the Mailbag - taking Oracle and its CPU to task
As a follow-up to a previous Diary (Oracle Black Tuesday), a Storm Center participant, Brian, offered some comments about Oracle's CPU.
Brian said "Regarding your comment on Oracle Black Tuesday, I have several observations that may benefit other ISC readers.
The exposure of Oracle's CPU goes far beyond the database as they have expanded significantly into many other software, including key security management software (Identity Management/Authentication).
As Oracle repackages several open source products, administrators are stuck choosing between security and support. For example, the recent patches to Apache's http server can't be applied because Oracle repackages that product as Oracle HTTP Server. Apply the patches and you're no longer supported.
Oracle has got to find a way to make the CPU analysis easier. The decision matrix an administrator has to go through is obscene. I conducted an analysis of a recent CPU for our environment and it took me over a week solid to determine what the exposure was and what the pre-requisites for the CPU patches were. And that doesn't include the support time and outages because Oracle's documentation was incorrect. As a user community, we need to push Oracle to make this process simpler (think up2date or YaST or even Windows Update)".
Thanks for sending in your thoughts, Brian. Banding together and working with the vendor is always effective. So if there is already a group of customers that have banded together to work effectively with Oracle, let us know some of the group's specifics and I'll update the diary.
In addition to the previous Diary's comment about the lack of substantial vulnerability information for non-customers, it should be noted that Oracle's public Critical Patch Update Advisory - July 2009 has a section called the Patch Availability Table and Risk Matrices. Each product's matrix provides CVSS information that can help both customers and non-customers prioritize Oracle CPUs for deployment.
Vulnerability in Firefox 3.5.1 confirmed, exploit PoC, no patch
Various analysts and sites have recently confirmed that a vulnerability is present in Firefox 3.5.1 and that exploit PoC has been released for it. When exploited, the vulnerability can lead to system compromise or induce a DoS. No patch is available.
Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability