Vulnerabilita’ multiple in Mozilla Firefox

Inserito da 11 Marzo, 2016 (0) Commenti

Si tratta di :ICT and Computer Security,Sicurezza

:: Descrizione del problema

Sono state riscontrate varie vulnerabilità in Mozilla Firefox per
mezzo delle quali un utente remoto puo’: causare l’esecuzione di codice
arbitrario, causare condizioni di denial of service, modificare file
nel sistema vittima, scavalcare le restrizioni same-origin, mascherare
le URL nella barra degli indirizzi.

mozilla_firefox_logo

Per una descrizione completa delle vulnerabilita’ consultare le
segnalazioni ufficiali.

:: Piattaforme e Software interessati

Mozilla Firefox e Firefox ESR versioni precedenti la 45 e 38.6.1
su Linux, Unix e Windows

:: Impatto

Accesso alle informazioni utente
Accesso alle informazioni di sistema
Esecuzione remota di codice arbitrario
Denial of service

:: Soluzione

Aggiornare Mozilla Firefox alle versioni:
Firefox 45
Firefox ESR 38.6.1

:: Riferimenti

Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/

Security Tracker
http://securitytracker.com/id/1035215

Redhat
http://rhn.redhat.com/errata/RHSA-2016-0371.html

Oracle
http://linux.oracle.com/errata/ELSA-2016-0371.html

Ubuntu
http://www.ubuntu.com/usn/usn-2917-1

I riferimenti CVE sono disponibili
nelle segnalazioni originali.

Fonte Garr

Categories : ICT and Computer Security,Sicurezza Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Oracle Critical Patch Update (Ottobre 2008)

Inserito da 16 Ottobre, 2008 (0) Commenti

Si tratta di :Sicurezza

Descrizione del problema

Oracle ha rilasciato una Critical Patch Update Ottobre 2008.
Tale aggiornamento e’ una collezione di patch nata per porre
soluzione a 36 difetti di sicurezza presenti in vari prodotti
Oracle.

:: Software interessato

Oracle Database 11g, version 11.1.0.6
Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV

Oracle Application Server 10g Release 3 (10.1.3), versions
10.1.3.3.0, 10.1.3.4.0
Oracle Application Server 10g Release 2 (10.1.2), versions
10.1.2.2.0, 10.1.2.3.0
Oracle Application Server 10g (9.0.4), version 9.0.4.3

Oracle E-Business Suite Release 12, version 12.0.4
Oracle E-Business Suite Release 11i, version 11.5.10.2

Oracle PeopleSoft Enterprise PeopleTools versions 8.48.18, 8.49.14
Oracle PeopleSoft Enterprise Portal versions 8.9, 9.0

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released
through MP1, 10.3 GA
Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA,
9.2 released through MP3
Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released
through SP6
Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released
through SP7
Oracle WebLogic Server (formerly BEA WebLogic Server) 6.1 released
through SP7

Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 10.0
released through MP1, 10.2 GA, 10.3 GA
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 9.0,
9.1, 9.2 released through MP3
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) 8.1
released through SP6

:: Impatto

Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access

L’impatto delle vulnerabilita’ varia in base alla configurazione
del sistema, del prodotto o della componente considerata.

:: Soluzioni

Applicare le patch appropriate o procedere all’opportuno
aggiornamento secondo le istruzioni rilasciate da Oracle:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

:: Riferimenti

Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technology/deploy/security/alerts.htm

SecurityFocus
http://www.securityfocus.com/bid/31683

Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3991

Categories : Sicurezza Tags : , , , , , , , , , , , , , , , , , , ,

Alert GCSA-08042 – Oracle Critical Patch Update (Aprile 2008)

Inserito da 18 Aprile, 2008 (0) Commenti

Si tratta di :Sicurezza

Descrizione del problema

Oracle ha rilasciato una Critical Patch Update per il mese
di Aprile 2008.
Tale aggiornamento e’ una collezione di patch nata per porre soluzione
a 41 difetti di sicurezza presenti in vari prodotti Oracle. La piu’
critica tra le vulnerabilita’ puo’ portare alla compromissione di
sistema.

Categories : Sicurezza Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,