US-CERT released the following computer security advisories yesterday:
Google Releases Security Updates for Chrome
Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases(link is external) page and apply the necessary updates.
Mozilla Releases Security Updates
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.
Cisco Releases Security Updates
Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts(link is external). A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- ASA Software DNS Denial-of-Service Vulnerability cisco-sa-20170419-asa-dns(link is external)
- ASA Software IPsec Denial-of-Service Vulnerability cisco-sa-20170419-asa-ipsec(link is external)
- ASA Software SSL/TLS Denial-of-Service Vulnerability cisco-sa-20170419-asa-tls(link is external)
- ASA Software Internet Key Exchange Version 1 XAUTH Denial-of-Service Vulnerability cisco-sa-20170419-asa-xauth(link is external)
- IOS and IOS XE Software EnergyWise Denial-of-Service Vulnerabilities cisco-sa-20170419-energywise(link is external)
- Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial-of-Service Vulnerability cisco-sa-20170419-fpsnort(link is external)
- Unified Communications Manager Denial-of-Service Vulnerability cisco-sa-20170419-ucm
Drupal Releases Security Updates
Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.