فا

‫ اخبار

صفحات: « 1 2 3 4 5 ... » »»
نتایج جستجو براساس برچسب: «راهنمایی امنیتی آرشیو»
چندين آسيب پذيري در Mozilla SeaMonkey

شماره: IRCAD2015114135

تاريخ انتشار: 2015-10-28

ميزان حساسيت: بسيار مهم

نرم افزارهاي تحت تاثير:

Mozilla SeaMonkey 2.x

توضيح:

يك ضعف و تعدادي آسيب پذيري در Mozilla SeaMonkey گزارش شده است كه تاثير برخي از آن ها ناشناخته استو برخي ديگر مي تواند توسط افراد خرابكار مورد سوء استفاده قرار بگيرد تا حملات جعل كردن را هدايت نمايند، محدوديت هاي امنيتي خاص را دور زنند، اطلاعات حساس را افشاء نمايند و كنترل يك سيستم كاربر را در اختيار بگيرد.

اين ضعف و آسيب پذيري ها در نسخه هاي پيش از 2.38 گزارش شده است.

راهكار:

به نسخه 2.38 به روز رساني نماييد.

منابع:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-96

https://www.mozilla.org/en-US/security/advisories/mfsa2015-97

https://www.mozilla.org/en-US/security/advisories/mfsa2015-98

https://www.mozilla.org/en-US/security/advisories/mfsa2015-101

https://www.mozilla.org/en-US/security/advisories/mfsa2015-103

https://www.mozilla.org/en-US/security/advisories/mfsa2015-104

https://www.mozilla.org/en-US/security/advisories/mfsa2015-105

https://www.mozilla.org/en-US/security/advisories/mfsa2015-106

https://www.mozilla.org/en-US/security/advisories/mfsa2015-107

https://www.mozilla.org/en-US/security/advisories/mfsa2015-108

https://www.mozilla.org/en-US/security/advisories/mfsa2015-109

https://www.mozilla.org/en-US/security/advisories/mfsa2015-110

https://www.mozilla.org/en-US/security/advisories/mfsa2015-111

https://www.mozilla.org/en-US/security/advisories/mfsa2015-112

https://www.mozilla.org/en-US/security/advisories/mfsa2015-113

Secunia:

https://secunia.com/advisories/67060/

24 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
آسيب پذيري تخريب حافظه در مديريت rcsL Atom در Adobe Shockwave Player

شماره: IRCAD2015114134

تاريخ انتشار: 2015-10-27

ميزان حساسيت: بسيار مهم

نرم افزارهاي تحت تاثير:

Adobe Shockwave Player 12.x

توضيح:

آزمايشگاه FortiGuard يك آسيب پذيري را در Adobe Shockwave Player گزارش داده است كه مي تواند توسط افراد خرابكار مورد سوء استفاده قرار بگيرد تا كنترل يك سيستم كاربر را در اختيار بگيرد.

اين آسيب پذيري به علت يك خطا هنگام مديريت rcsL Atom ايجاد شده است كه مي تواند براي تخريب حافظه مورد سوء استفاده قرار بگيرد.

سوء استفاده موفقيت آميز ممكن است منجر به اجراي كد دلخواه شود.

اين آسيب پذيري در نسخه 12.2.0.162 و نسخه هاي پيش از آن در حال اجرا بر روي ويندوز و مكينتاش گزارش شده است.

راهكار:

به نسخه 12.2.1.171 به روز رساني كنيد.

منابع:

APSB15-26:

https://helpx.adobe.com/security/products/shockwave/apsb15-26.html

Fortinet's FortiGuard Labs:

http://www.fortiguard.com/advisory/fortinet-discovers-adobe-shockwave-player-rcsl-atom-handling-memory-corruption-vulnerability

Secunia:

https://secunia.com/advisories/67086/


24 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
جدول آخرين به روز رساني ها و آسيب پذيري هاي نرم افزارهاي پركاربرد در كشور

جدول آخرين به روز رساني ها و آسيب پذيري هاي نرم افزارهاي پركاربرد در كشور

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Red Hat update for java-1.8.0-oracle

ID: IRCAD2015104133

Release Date: 2015-10-23

Software:

Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)

Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)

Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)

Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)

Oracle Java for Red Hat Enterprise Linux Server (v. 6)

Oracle Java for Red Hat Enterprise Linux Server (v. 7)

Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)

Description:

Red Hat has issued an update for java-1.8.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution

Updated packages are available via the Red Hat Network.

https://rhn.redhat.com

References:

RHSA-2015:1926-1:

https://rhn.redhat.com/errata/RHSA-2015-1926.html

Secunia:

https://secunia.com/advisories/67072/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Red Hat update for java-1.7.0-oracle

ID: IRCAD2015104132

Release Date: 2015-10-23

Software:

Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)

Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)

Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)

Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)

Oracle Java for Red Hat Enterprise Linux Server (v. 6)

Oracle Java for Red Hat Enterprise Linux Server (v. 7)

Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)

Oracle Java for RHEL (v. 5 server)

Oracle Java for RHEL Desktop (v. 5 client)

Description:

Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution

Updated packages are available via the Red Hat Network.

https://rhn.redhat.com

References:

RHSA-2015:1927-1:

https://rhn.redhat.com/errata/RHSA-2015-1927.html

Secunia:

https://secunia.com/advisories/67070/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Google Chrome Adobe Flash Player Multiple Vulnerabilities

ID: IRCAD2015104131

Release Date: 2015-10-23

Software:

Google Chrome 46.x

Description:

Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to the application bundling a vulnerable version of Adobe Flash Player.

The vulnerabilities are reported in versions prior to 46.0.2490.80.

Solution

Update to version 46.0.2490.80.

References:

http://googlechromereleases.blogspot.com/2015/10/stable-channel-update_22.html

Secunia:

https://secunia.com/advisories/67058/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Apple iOS Multiple Vulnerabilities

ID: IRCAD2015104130

Release Date: 2015-10-22

Software:

Apple iOS 9.x

Description:

Multiple security issues and some vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose potentially sensitive information and by malicious people to manipulate certain data, bypass certain security restrictions, and compromise a vulnerable device.

1) An error when handling the "Show on Lock Screen" feature within the Notification component can be exploited to disclose otherwise restricted Phone and Messages notifications.

2) An error when verifying a OCSP certificate within the OCSP client can be exploited to make an otherwise restricted, revoked certificate appear valid.

3) An error when handling kSecRevocationRequirePositiveResponse flag during revocation checks can be exploited to make an otherwise restricted trust evaluation succeed.

4) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

The security issues and the vulnerabilities are reported in versions prior to 9.1.

Solution

Update to version 9.1.

References:

APPLE-SA-2015-10-21-1:

https://support.apple.com/kb/HT205370

Secunia:

https://secunia.com/advisories/66968/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Apple Safari WebKit Multiple Vulnerabilities

ID: IRCAD2015104129

Release Date: 2015-10-22

Software:

Apple Safari 9.x

Description:

Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

2) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

3) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

4) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

7) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

8) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

9) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 9.0.1.

Solution

Update to version 9.0.1.

References:

APPLE-SA-2015-10-21-3:

https://support.apple.com/en-au/HT205377

Secunia:

https://secunia.com/advisories/66966/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Apple iTunes Multiple Vulnerabilities

ID: IRCAD2015104128

Release Date: 2015-10-22

Software:

Apple iTunes 12.x

Description:

Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error when processing text files can be exploited to cause memory corruption.

2) Another unspecified error when processing text files can be exploited to cause memory corruption.

3) Another unspecified error when processing text files can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities #1 through #3 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 12.3.1 running on Windows.

Solution

Update to version 12.3.1.

References:

APPLE-SA-2015-10-21-5:

https://support.apple.com/en-us/HT205372

Secunia:

https://secunia.com/advisories/66960/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
Oracle Linux update for java-1.7.0-openjdk

ID: IRCAD2015104126

Release Date: 2015-10-22

Software:

Oracle Linux 5

Oracle Linux 6

Description:

Oracle Linux has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution

Apply updated packages via the yum or rpm utility (please see the vendor's advisory for the packages).

References:

ELSA-2015-1920:

http://linux.oracle.com/errata/ELSA-2015-1920.html

ELSA-2015-1921:

http://linux.oracle.com/errata/ELSA-2015-1921.html

Secunia:

https://secunia.com/advisories/66975/

13 آبان 1394 برچسب‌ها: راهنمایی امنیتی آرشیو
صفحات: « 1 2 3 4 5 ... » »»