VxWorks OS patches, Chrome 76 release, RedHat’s massive security updates, and more: Patch Tuesday - Week 4, July 2019

Canonical

Numerous security vulnerabilities found in the Ubuntu operating system were addressed by Canonical this week. The flaws were present in components such as OpenJDK 8, SoX, OpenLDAP along with certain applications and libraries for Ubuntu. In addition, specific Linux Kernel vulnerabilities were also patched. Major flaws included privilege escalation, CRFL injection issue, denial-of-service (DoS) and remote code execution(RCE). Users are advised to update to the latest version of the OS.

The security advisories can be found here.

Cisco

Cisco addressed a medium-severity flaw that impacted the Cisco Enterprise License Manager. The vulnerability, tracked as CVE-2018-0105, is an information disclosure flaw and was found in the web framework of the product. An attacker could exploit this flaw by browsing a specific URL and subsequently view data library information. The flaw is reported to affect Enterprise License Manager version prior to the first fixed software release.

Google

Google has released the latest version of the Chrome browser. The new version, Chrome 76 includes 43 security fixes along with bringing new features to the browser. The security fixes patch major issues along with medium and low severity flaws. These include use-after-free (CVE-2019-5850, CVE-2019-5850), memory corruption (CVE-2019-5853), use-after-poison (CVE-2019-5853) and a flaw that loaded URLs in other browsers(CVE-2019-5859). Chrome users can update to the new version by clicking on ‘About Chrome’ in the Settings section.

HP

A minor application-related vulnerability has been fixed by HP. The flaw exposed configuration details in the Samsung Mobile Print app prior to version 4.08.007. Tracked as CVE-2019-6331, HP reports it to be due to information obfuscation in the application. It is fixed in 4.08.007, which is the latest release. The update can be found here.

Red Hat

Red Hat has addressed a host of security issues this week. Most of the flaws addressed were rated as ‘Important’ and included issues such as buffer overflow, integer overflow, heap corruption, use-after-free, input validation, and memory corruption issues. The flaws were present in kernels as well as applications meant for Red Hat products. The products impacted are Red Hat Enterprise Linux, Red Hat OpenShift Container Platform, Red Hat Virtualization, Red Hat Gluster Storage Server, Red Hat CodeReady Linux, Red Hat CloudForms and Red Hat Software Collections.

The security advisories can be found here.

Wind River

Wind River Systems, which is the developer of the VxWorks operating system, has announced patches for 11 critical security vulnerabilities found in the networking protocols of the OS. Dubbed as URGENT/11, it was reported that around 200 million devices that use VxWorks are vulnerable to the flaws. The OS, which is the core product of the company, is used in embedded systems.

Versions that contain the flaws are VxWorks 7 (SR540 and SR610), VxWorks 6.5 to 6.9 and VxWorks versions using the Interpeak standalone network stack. More details on the update can be found here.