For this month, Adobe issued a number of updates to fix multiple security vulnerabilities in eight of its products. A total of 43 flaws were patched. Adobe’s Acrobat and Reader had the highest number (21) with 11 flaws deemed to be critical.
Critical flaws included arbitrary code execution resulting from underlying vulnerabilities such as memory corruption, out-of-bounds write, and use-after-free in some of the products. Following is the list of security bulletins published for the affected products.
Users of this software are advised to keep it updated with the latest versions recommended in the bulletins.
Cisco patched two critical vulnerabilities found in its cloud software HyperFlex last week. In addition, follow-up security updates were released for its RV320/RV325 routers. The previous updates did not fix the issue correctly, which left the devices vulnerable.
Below are the security advisories published by Cisco, which also include instructions for updating the respective products with the patch.
Intel has published four security advisories this week. These advisories address major security vulnerabilities present in its products. Vulnerabilities include privilege escalation, information disclosure, and denial-of-service flaws. The flaw in Intel’s Media Software Development Kit (SDK) was marked as the most severe.
Following are the advisories issued by Intel. Each flaw is patched through an update cited in its advisory.
Microsoft has rolled out a massive security update bundle this month. The updates patch numerous security flaws present across its own range of software. The flaws mostly involved remote code execution and information disclosure vulnerabilities. In fact, 74 flaws were found in Windows and Office alone and were remedied through updates.
Other patched software products include Adobe Flash Player, Internet Explorer, Microsoft Edge, ChakraCore, ASP.NET, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, and Windows Admin Center.
Microsoft users can download all the security updates from here.
As part of its Security Patch Day for April, SAP has released six security notes to address major flaws in its software services. The flaws could have led to information disclosure, digital signature spoofing, or XML External Entity (XXE) attacks in certain SAP processes.
The affected platforms are SAP Crystal Reports (Version - 2010), SAP NetWeaver Process Integration (Versions - 710 to 711, 730, 731, 740, 750), SAP BASIS (Versions - 700 to 702, 710 to 730, 731, 740, 750 to 753), and SAP HANA (Versions - 1.0, 2.0). SAP users are advised to run the latest version referenced in the security notes. They can be found here.
Ubuntu published nine security advisories this week to address multiple flaws in various software. Affected programs include GNU Wget, OpenJDK, Clam AntiVirus, the systemd suite, and Samba. Almost all flaws in these programs could lead to denial-of-service attacks.
Following are the advisories issued by Ubuntu that address the flaws. Affected Ubuntu versions are mentioned next to them.