CVE-2014-0513 hotfix for CS5?

Similar Messages

• CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???

  Hello; I have a question regarding the Coldfusion Security Bulletin APSB13-03 for ColdFusion 10, 9.0.2, 9.0.1 and 9.0.
  Is this hotfix also availablefor Coldfusion 8.01? We use the Coldfusion 8.01 enterprise version.
  Patched on the last available hotfix APSB12-21 -> Security update: Hotfix available for ColdFusion 10 and earlier.
  By regulary scanning our systems a finding regarding CVE-2013-0632 was found by the scanners, to resolve with APSB13-03.
  Is APSB13-03 available for Coldfusion 8.01? Core support ends 7/31/2012 (the last hotfix for cf 8 wa from 11/2012!)
  But extended Support reaches until 7/31/2014.
  frank

  Thanks;
  You wrote exactly my thoughts )
  Mit freundlichen Grüßen
  Frank Winkelmann
  Siemens AG
  Corporate Information Technology
  Corporate Automation
  CIT CA HS 1 4
  Hugo-Junkers-Str. 9
  90411 Nürnberg, Deutschland
  Tel. Geschäftlich: 091145051290
  Tel. Mobil: 015254690615
  mailto:[email protected]
  Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme; Vorstand: Peter Löscher, Vorsitzender; Roland Busch, Brigitte Ederer, Klaus Helmrich, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen, Michael Süß; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322
  Von: Adam Cameron. [email protected]
  Gesendet: Mittwoch, 29. Mai 2013 12:29
  An: Winkelmann, Frank
  Betreff: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
  Re: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???
  created by Adam Cameron.<http://forums.adobe.com/people/Adam+Cameron.> in ColdFusion - View the full discussion<http://forums.adobe.com/message/5361018#5361018

• Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

  Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

  The official communication is now posted to
      https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169

• Sourcefire rule for CVE 2014-1692

  Hi,
  Please mention me the Sourcefire rule number for CVE 2014-1692.
  Best Regards,
  Jackson Ku

  Hi,
  Thanks for your reply. Do you mean no Sourcefire rule for CVE 2014-1692 currently, and we should raise a TAC case to request?
  Best Regards,
  Jackson

• Is patch available for CVE-2014-3566?

  Is patch available for CVE-2014-3566?

  Update your OS X to the latest version plus any security updates.
  Pete

• Bash bug  CVE-2014-6271 patch availability for OL4?

  Hi,
  Kindly advise how to download the CVE-2014-7169  CVE-2014-6271 security patches for Oracle Linux 4?
  Rgds;
  Shirley

  Exactly the same way as you would for OL5, OL6 or OL7: either connect your machine to the Unbreakable Linux Network or public-yum.oracle.com and use the up2date tool to upgrade bash.

• Is there a patch out for the bash bug (CVE 2014-6271)?

  Is there a patch out for the bash bug (CVE 2014-6271)? I saw one for Oracle Linux, so I hope there's one for Solaris as well.

  Hi,
  another approach could be to just build a custom bash package yourself using
  the available changes published here:
  https://java.net/projects/solaris-userland/sources/gate/show/components/bash
  That's the build infrastructure and source we use to build the official Solaris 11
  IPS packages.
  Regards,
  Ronald

• Restore Log with Standby Mode on VHDX disk problem - hotfix for SQL 2014 needed

  Restore Log with Standby Mode on Virtual VHDX disk cause a 9004 error in SQL Server 2014 ( test performed on Web edition and Standard version )
  Similar Bug for SQL 2008R2 is already registered with number hotfix
  KB2987585
  Restore operations always fail in Hyper-V R2 Server in situations ( text copied from
  KB2987585 page )
  The primary database has its transaction log file (.ldf) stored on a disk that has "Bytes per Physical Sector" set as 512 bytes.
  You take the transaction log backups of this database, and then you try to restore it by using the standby option on the secondary database.
  The secondary database transaction log file (.ldf) is located on a VHDX disk that has "Bytes per Physical Sector" set as 4,096 bytes.
  In this scenario, the restore operation fails and returns the following error message:
  Error: 9004, Severity: 16, State: 6.
  An error occurred while processing the log for database '<databasename>'. If possible, restore from backup. If a backup is not available, it might be necessary to rebuild the log.
  After this error occurs, the secondary database goes into a suspect state.
  So restore from Generation1 to Generation2 machine ( where only VHDX disk is possible ) always fails and database is not accessible.
  Please create hotfix for SQL 2014 version

  Please create hotfix for SQL 2014 version
  This is a community forum, no one of use can create a hotfix for SQL Server.
  Raise a case at Microsoft Support or create an entry at MS Connect:
  http://connect.microsoft.com/SQLServer
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118

  I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
  Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
  EDIT:
  2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
  Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.

  Hi,
  Please refer this links,
  Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
  https://rhn.redhat.com/errata/RHSA-2015-0090.html
  Regards,
  S27

• PCI Compliance Azure Websites (CVE-2014-6321)

  Trying to gain PCI compliance of an azure website. Trustwave scan came back as a pass apart from the following:-
  Vulnerability in Security Channel Could Allow Remote Code Execution (MS14-066)/CVE-2014-6321
  Anything I can do? It's post 443 - we have a EV SSL certificate in IP Based SSL.

  I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turn around!

• CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux Question

  CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux
  I wanted to know if the AnyConnect Secure Mobility Client would still be vulnerable to this if it was only connecting via SSL VPN (TLS) to an ASA that already has the workaround implemented on it (Disable SSLv3)?
  Thanks,
  Rob Miele

  Hi Rob , 
  According to the bug: 
  All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable , so Anyconnect 3.1.06.073 is safe from POODLE vulnerability 
  On the Anyconnect you can disable the SSL using Ikev2 instead of the SSL protocols , however as the bug mention , the client creates a paralel ssl tunnel to get updates and profile from the router.
  If you're asking to disable SSLv3 on the router , unfortunately there is not code yet , the workaround is to disable the webvpn or upgrade the VPN client.
  As well here is the officil advisory for the POODLE vulnerbility on Cisco Products.
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
  Hope it helps
  - Randy - 

• Bash bug  CVE-2014-6271 patch availability?

  Hi everyone, does anyone know if Oracle has released a patch for the bash bug?  CVE-2014-6271 link below.
  NVD - Detail
  I'm looking for a patch on el5uek and el6uek I'm using: 2.6.39-400.126.1.el5uek, 2.6.39-400.21.1.el6uek.x86_64
  thanks!

  Check the following:
  [root@vm110 ~]# yum -y install yum-security
  [root@vm110 ~]# yum list-security | grep bash
  This system is not registered with ULN.
  You can use up2date --register to register.
  ULN support will be disabled.
  ELSA-2014-1293 security bash-3.2-33.el5.1.x86_64
  [root@vm110 ~]# yum info-security ELSA-2014-1293
  Loaded plugins: rhnplugin, security
  This system is not registered with ULN.
  You can use up2date --register to register.
  ULN support will be disabled.
  ===============================================================================
     bash security update
  ===============================================================================
    Update ID : ELSA-2014-1293
      Release : Oracle Linux 5
         Type : security
       Status : final
       Issued : 2014-09-24
         CVEs : CVE-2014-6271
  Description : [4.1.2-15.1]
              : - Check for fishy environment
              :   Resolves: #1141645
     Solution : This update is available via the Unbreakable Linux Network (ULN)
              : and the Oracle Public Yum Server. Details on how
              : to use ULN or http://public-yum.oracle.com to
              : apply this update are available at
              : http://linux.oracle.com/applying_updates.html.
       Rights : Copyright 2014 Oracle, Inc.
     Severity : Critical
  info-security done
  [root@vm110 ~]# yum -y install bash-3.2-33.el5.1
  If you cannot see the above and do not pay for a subscription, make sure you have correct yum repository setup.
  See Oracle Public Yum Server for details.
  To install:
  [root@vm110 ~]# yum -y install bash-3.2-33.el5.1

• Regarding CVE-2014-0510

  Regarding CVE-2014-0510, the CVE only references 12.0.0.77; however, none of the updates since address this CVE.  Is this vulnerability still outstanding in current versions?

  Hi,
  As far as I know, ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.
  If you are not using the above version of Intel Indeo Video, then systems are not affected.
  In addition, it is recommended to keep Windows machines fully patched.
  More information for you:
  Vulnerability Summary for CVE-2014-3735
  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3735
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Schannel and TLS 1.x padding vulnerability (CVE-2014-8730)

  Hi all,
  Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
  Please see the following links for more details about this vulnerability:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
  https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
  Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?
  Regards,
  Sanjay

  No, Microsoft SChannell is not affected.Only F5 products are affected:
  http://www.securityfocus.com/bid/71549
  Vadims Podāns, aka PowerShell CryptoGuy
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell File Checksum Integrity Verifier tool.
  i know some Windows 2008 System which are affected?! Why?

• CVE-2014-0224

  Hi Everyone,
  We have multiple switches being found that have this vulnerability CVE-2014-0224 known as OpenSSL Change CipherSpec Vulnerability. This affects our CATALYST 3750v2 switches is there any mitigations or workaround on this vulnerability other than upgrading its IOS.
  Thank you
  Sherwin

  Firstly, I think you've posted this in the wrong section of the forums (TelePresence).
  But, if you read the notices in detail, and especially the ones for each specific product, they will usually let you know a workaround if there is one.
  For some of these vulnerabilities mentioned, you need to have physical access to the box, so making sure they're in a secured location is a good first step.