Weekly Patch and Update Summary for Week of November 4, 2016
By Kimberly Matsumoto on November 3, 2016
For all patches and updates listed below, please use the appropriate update method for your system. You are advised to patch and update your system as soon as possible.
Adobe
Adobe has released a security update for a vulnerability found in Flash Player. This vulnerability may allow a remote attacker to gain control of a system. For more information, please see Adobe Security Bulletin APSB16-36.
Apple
Apple has released security updates for vulnerabilities found in multiple products. Some of these vulnerabilities may allow a remote attacker to gain control of a system.
List of Updates:
Cisco
Cisco has released several updates to address vulnerabilities found in multiple products. Some of these vulnerabilities may allow a remote attacker to gain control of a system.
List of Updates:
- Cisco-sa-20161102-tl1 Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
- Cisco-sa-20161102-cph Cisco Prime Home Authentication Bypass Vulnerability
- Cisco-sa-20161102-cms1 Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
- Cisco-sa-20161102-cms Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
- Cisco-sa-20161026-linux Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
- Cisco-sa-20161102-tp Cisco TelePresence Endpoints Local Command Injection Vulnerability
- Cisco-sa-20161102-n9kapic Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
- Cisco-sa-20161102-esa Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability
- Cisco-sa-20161102-asr Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability
- Cisco-sa-20161026-esawsa3 Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability
- Cisco-sa-20160831-meetings-player – Cisco WebEx Meetings Player
- Cisco-sa-20161026-ise Identity Services Engine SQL Injection Vulnerability
- Cisco-sa-20161026-esa1 Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability
- Cisco-sa-20161026-esa2 Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability
- Cisco-sa-20161026-esa3 Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability
- Cisco-sa-20161026-esa4 Email Security Appliance Quarantine Email Rendering Vulnerability
- Cisco-sa-20161026-esa5 Email Security Appliance Drop Bypass Vulnerability
- Cisco-sa-20161026-esa6 Email Security Appliance FTP Denial of Service Vulnerability
- Cisco-sa-20161026-esawsa1 Email and Web Security Appliance Malformed MIME Header Vulnerability
- Cisco-sa-20161026-esawsa2 Email and Web Security Appliance MIME Header Bypass Vulnerability
- Cisco-sa-20161026-hcmf Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability
- Cisco-sa-20161026-ipics IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
- Cisco-sa-20161026-ipics1 IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
- Cisco-sa-20161026-ipics2 IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
- Cisco-sa-20161026-pcp Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
The Internet Systems Consortium (ISC)
The Internet Systems Consortium has released updates to address a vulnerability found in BIND. This vulnerability may allow a remote attacker to gain control of a system.
List of Updates:
- BIND 9 version 9.9.9-P4
- BIND 9 version 9.10.4-P4
- BIND 9 version 9.11.0-P1
- BIND 9 version 9.9.9-S6
For more information, please see ISC Knowledge Base Article AA-01434.
Google
Google has released Chrome version 54.0.2840.87 for Windows and Mac, and version 54.0.2840.90 for Linux. These versions address a vulnerability that may allow a remote attacker to cause a denial-of-service condition. For more information, please see Chrome Releases.
Joomla!
Joomla! has released an update to its Content Management System (CMS) to address multiple vulnerabilities. Some of these vulnerabilities may allow a remote attacker to gain control of a system. For more information, please see Joomla! 3.6.4 Released.
Ubuntu
Canonical has released many security updates for its Ubuntu operating system. For more information, please see Ubuntu Security Notices.
List of Updates:
- USN-3123-1: curl vulnerabilities
- USN-3122-1: NVIDIA graphics drivers vulnerabilities
- USN-3121-1: OpenJDK 8 vulnerabilities
- USN-3113-1: Oxide vulnerabilities
- USN-3120-1: Memcached vulnerabilities
- USN-3119-1: Bind vulnerability
- USN-3118-1: Mailman vulnerabilities
- USN-3117-1: GD library vulnerabilities
- USN-3116-1: DBus vulnerabilities
- USN-3115-1: Django vulnerabilities
- USN-3112-1: Thunderbird vulnerabilities
- USN-3111-1: Firefox vulnerabilities
- USN-3114-2: nginx regression
- USN-3114-1: nginx vulnerability
- USN-3110-1: Quagga vulnerability
- USN-3109-1: MySQL vulnerabilities
- USN-3107-2: Linux kernel (Raspberry Pi 2) vulnerability