US-CERT Computer Security Advisories (4/19/2017): Chrome, Mozilla, Cisco & Drupal

US-CERT released the following computer security advisories yesterday:

Google Releases Security Updates for Chrome

Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases(link is external) page and apply the necessary updates.

Mozilla Releases Security Updates

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 and apply the necessary updates.

Cisco Releases Security Updates

Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts(link is external). A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

• ASA Software DNS Denial-of-Service Vulnerability cisco-sa-20170419-asa-dns(link is external)
• ASA Software IPsec Denial-of-Service Vulnerability cisco-sa-20170419-asa-ipsec(link is external)
• ASA Software SSL/TLS Denial-of-Service Vulnerability cisco-sa-20170419-asa-tls(link is external)
• ASA Software Internet Key Exchange Version 1 XAUTH Denial-of-Service Vulnerability cisco-sa-20170419-asa-xauth(link is external)
• IOS and IOS XE Software EnergyWise Denial-of-Service Vulnerabilities cisco-sa-20170419-energywise(link is external)
• Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial-of-Service Vulnerability cisco-sa-20170419-fpsnort(link is external)
• Unified Communications Manager Denial-of-Service Vulnerability cisco-sa-20170419-ucm

Drupal Releases Security Updates

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review Drupal’s Security Advisory and upgrade to version 8.2.8 or 8.3.1.

SOURCE: US-CERT