it.ucsf.edu

Security

Security related


Security Update: Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database

Status Type

Security Update

Date and Time

Thursday, August 16, 2018 - 13:26

Reason

Security Update

Impact

Oracle users

WHAT HAPPENED?

Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database.

 

Advanced Users: For a complete description of the vulnerabilities and updates refer to:

 

AFFECTED SYSTEMS:

  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18

 

WHAT'S THE PROBLEM?

Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

  • Oracle strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.

 


Security Update: The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND)

Status Type

Security Update

Date and Time

Thursday, August 16, 2018 - 13:20

Reason

Security Update

Impact

BIND users

WHAT HAPPENED?

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND).

 

Advanced Users: For a complete description of the vulnerabilities visit:

 

AFFECTED SYSTEMS:

For affected systems, please refer to the CVEs listed above.

 

WHAT'S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition.

 

WHAT DO I NEED TO DO?

Users and administrators are encouraged to review the above CVEs and apply the necessary updates.

 


Security Update: Multiple vulnerabilities have been discovered in several HP Inkjet Printer products

Status Type

Security Update

Date and Time

Friday, August 10, 2018 - 15:01

Reason

Security update

Impact

HP Inkjet Printer users

ATTENTION! If you have one of these printers, you should contact your IT support to determine if it is supported by them. If it is not supported, you will need to update the printer.

 

WHAT HAPPENED?

Multiple vulnerabilities have been discovered in several HP Inkjet Printer products.

 

Advanced Users: For a complete description of the security enhancements and affected software refer to SUPPORT COMMUNICATION - SECURITY BULLETIN (HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution) at: https://support.hp.com/us-en/document/c06097712

 

AVAILABLE UPDATES FOR:

  • HP PageWide, PageWide Managed, and PageWide Pro – various versions – see the security bulletin listed above.
  • HP DesignJet – various versions – see the security bulletin listed above.
  • HP AMP, Deskjet, Envy, ENVY Photo, Ink Tank, Officejet, OfficeJet Pro, Photosmart, Photosmart Plus, and Smart Tank – various versions – see the security bulletin listed above.

 

WHAT'S THE PROBLEM?

Exploitation of the vulnerability may allow an attacker to perform remote code execution and compromise the printer, which could allow the attacker to steal data, attack other devices on the network, or otherwise disrupt operations.

 

HOW DO I PROTECT MY PRINTER?

If you have one of these printers, you should contact your IT support to determine if it is supported by them. If it is not supported, you will need to update the printer.

 


Security Update: VMware has released one Security Advisory to address an IMPORTANT vulnerability in multiple products.

Status Type

Security Update

Date and Time

Thursday, August 9, 2018 - 14:46

Reason

Security update

Impact

VMware users

WHAT HAPPENED?

VMware has released one Security Advisory to address an IMPORTANT vulnerability in multiple products.

 

Advanced Users: For a complete description of the security enhancement and affected software refer to:

 

AFFECTED SYSTEMS:

  • VMware Horizon 6
  • VMware Horizon 7
  • VMware Horizon Client for Windows

 

WHAT'S THE PROBLEM?

Successful exploitation of this vulnerability may allow an unauthorized attacker to obtain sensitive information.

 

HOW DO I PROTECT MY COMPUTER?

VMware recommends that customers review the patch/release notes for their product and version and verify the checksum of the downloaded file.

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support, updates may be obtained through VMware Security Advisories listed above.

 


Security Update: NCCIC is aware of a Linux kernel vulnerability affecting Linux 4.9 and greater

Status Type

Security Update

Date and Time

Tuesday, August 7, 2018 - 09:41

Reason

Security update

Impact

Linux users

WHAT HAPPENED?

NCCIC is aware of a Linux kernel vulnerability affecting Linux 4.9 and greater.

 

Advanced Users: For a complete description of the security enhancement and affected software refer to Vulnerability Note VU#962459 (Linux Kernel TCP implementation vulnerable to Denial of Service) at: https://www.kb.cert.org/vuls/id/962459

 

AVAILABLE UPDATES FOR:

  • Linux kernel, versions 4.9+

 

WHAT'S THE PROBLEM?

A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

1. If you are supported by ITFS or have different IT support, no action on your part is required.

2. If you do not have IT support or they do not support your computer, refer to the vulnerability note listed above for patching information.

 


Security Update: Mozilla has released security updates to address 6 Critical, 4 High, and 5 Moderate vulnerabilities in Thunderbird

Status Type

Security Update

Date and Time

Tuesday, August 7, 2018 - 09:37

Reason

Security update

Impact

Thunderbird users

WHAT HAPPENED?

Mozilla has released security updates to address 6 Critical, 4 High, and 5 Moderate vulnerabilities in Thunderbird.

 

Advanced Users: For a complete description of the security enhancement and affected software refer to Mozilla Foundation Security Advisory 2018-19 (Security vulnerabilities fixed in Thunderbird 60) at https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/

 

AVAILABLE UPDATES FOR:

  • Thunderbird below 60

 

WHAT'S THE PROBLEM?

Exploitation of the vulnerability may allow an attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

1. If you are supported by ITFS or have different IT support, no action on your part is required.

2. If you do not have IT support or they do not support your computer:

  • Thunderbird is set up by default to update automatically.

 


Security Update: Cisco released a security update to address a High vulnerability in its Prime Collaboration Provisioning

Status Type

Security Update

Date and Time

Wednesday, August 1, 2018 - 14:56

Reason

Security update

Impact

Cisco Prime Collaboration Provisioning users

WHAT HAPPENED?

Cisco released a security update to address a High vulnerability in its Prime Collaboration Provisioning.

 

Advanced Users: For a complete description of the vulnerabilities visit Cisco Security Advisories and Alerts at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos

 

AFFECTED VERSIONS:

  • Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior

 

WHAT'S THE PROBLEM?

A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

 

WHAT DO I NEED TO DO?

Refer to Cisco Security Advisories and Alerts to determine exposure and a complete upgrade solution at: https://tools.cisco.com/security/center/publicationListing.x

 


Security Update: Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux to address multiple vulnerabilities

Status Type

Security Update

Date and Time

Wednesday, July 25, 2018 - 13:57

Reason

Security update

Impact

Chrome users

WHAT HAPPENED?

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux to address multiple vulnerabilities.

 

Advanced Users: For a complete description of the security enhancement and affected software refer to the following Stable Channel Update for Desktop:

https://chromereleases.googleblog.com/search/label/Stable%20updates

 

AFFECTED SYSTEMS:

  • Chrome for Windows, Mac, and Linux

 

WHAT'S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support, please view the Stable Channel Update referred to above.

 


Security Update: The Apache Software Foundation has released 2 important security advisories to address vulnerabilities in Apache Tomcat

Status Type

Security Update

Date and Time

Wednesday, July 25, 2018 - 09:52

Reason

Security update

Impact

Apache Tomcat users

WHAT HAPPENED?

The Apache Software Foundation has released 2 important security advisories to address vulnerabilities in Apache Tomcat.

 

Advanced Users: For a complete description of the security advisory go to:

 

AFFECTED SYSTEMS:

  • Apache Tomcat 9.0.0.M9 to 9.0.9
  • Apache Tomcat 8.5.0 to 8.5.30
  • Apache Tomcat 8.0.0.RC1 to 8.0.51
  • Apache Tomcat 7.0.28 to 7.0.86

 

WHAT’S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an attacker to obtain sensitive information.

 

HOW DO I PROTECT MY WEB SITE?

  • Users and administrators are encouraged to review the Apache Security advisories listed above.

 


Security Update: Oracle has released its Critical Patch Update for July 2018 to address multiple vulnerabilities across multiple products

Status Type

Security Update

Date and Time

Thursday, July 19, 2018 - 10:05

Reason

Security update

Impact

Oracle users

WHAT HAPPENED?

Oracle has released its Critical Patch Update for July 2018 to address multiple vulnerabilities across multiple products.

 

Advanced Users: For a complete description of the vulnerabilities and updates refer to:

 

AFFECTED SYSTEMS:

 

WHAT'S THE PROBLEM?

Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

  • Oracle strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.

 
