Microsoft and Adobe release multiple security updates: Patch Tuesday - Week 2, April 2019
For this month, Adobe issued a number of updates to fix multiple security vulnerabilities in eight of its products. A total of 43 flaws were patched. Adobe’s Acrobat and Reader had the highest number (21) with 11 flaws deemed to be critical.
Critical flaws included arbitrary code execution which resulted due to other vulnerabilities such as memory corruption, out-of-bounds write, free-after use, etc, in some of the products. Following is the list of security bulletins published for the affected products.
- Adobe Acrobat and Reader
- Adobe Flash Player
- Adobe Shockwave player
- Adobe Dreamweaver
- Adobe XD
- Adobe InDesign
- Adobe Experience Manager Forms
- Adobe Bridge CC
Users of these software are advised to keep them updated with the latest versions recommended in the bulletins.
Cisco patched two critical vulnerabilities found in its cloud software Hyperflex last week. In addition, follow-up security updates were released for its RV320/RV325 routers. The previous updates did not fix the issue correctly, which rendered the devices vulnerable again.
Below are the security advisories published by Cisco that also has instructions to update the respective products with the patch.
- Cisco HyperFlex Software Command Injection Vulnerability
- Cisco HyperFlex Software Unauthenticated Root Access Vulnerability
- Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
- Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
Intel has published four security advisories this week. These advisories address major security vulnerabilities present in its products. Vulnerabilities include privilege escalation, information disclosure, and denial-of-service flaws. The flaw in Intel’s Media Software Development Kit (SDK) was marked as most severe.
Following are the advisories issued by Intel. All the flaws are patched through an update cited in the advisory.
- Intel NUC Advisory
- Intel Core Processors Memory Mapping Advisory
- Intel Graphics Performance Analyzer for Linux Advisory
- Intel Media SDK Advisory
Microsoft has rolled out a massive security update bundle this month. The updates patch numerous security flaws present across its own range of software. Flaws mostly involved remote code execution and information disclosure vulnerabilities. As a matter of fact, 74 flaws were found in Windows and Office in itself and were remedied through updates.
Other software products that are patched includes Adobe Flash Player, Internet Explorer, Microsoft Edge, ChakraCore ASP.NET, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, and Windows Admin Center.
Microsoft users can download all the security updates from here.
As part of its Security Patch Day for April, SAP has released six security notes to address major flaws in its software services. The flaws could have led to information disclosure, digital signature spoofing, or XML External Entity(XXE) attacks in certain SAP processes.
SAP Crystal Reports (Version - 2010), SAP NetWeaver Process Integration (Versions - 710 to 711, 730, 731, 740, 750), SAP BASIS ( Versions - 700 to 702, 710 to 730, 731, 740, 750 to 753 and SAP HANA (Versions - 1.0, 2.0) are the affected platforms. Users of SAP are suggested to run the latest version referenced in the security notes. They can be found here.
Ubuntu published nine security advisories this week to address multiple flaws that existed in various software. Programs include GNU Wget, OpenJDK, Clam AntiVirus, systemd suite, and Samba. Almost all flaws in these programs could lead to denial-of-service attacks.
Following are the advisories issued by Ubuntu that address the flaws. Affected Ubuntu versions are mentioned next to them.
- USN-3943-2: Wget vulnerability - Ubuntu 12.04 ESM
- USN-3942-1: OpenJDK 7 vulnerability - Ubuntu 14.04 LTS
- USN-3943-1: Wget vulnerabilities - Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS
- USN-3938-1: systemd vulnerability - Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.
- USN-3941-1: Lua vulnerability - Ubuntu 18.10, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS
- USN-3940-2: ClamAV vulnerabilities - Ubuntu 12.04 ESM
- USN-3939-2: Samba vulnerability - Ubuntu 12.04 ESM
- USN-3940-1: ClamAV vulnerabilities - Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.
- USN-3939-1: Samba vulnerability - Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.