it.ucsf.edu

Security


Security Update: Apple has released security updates to address vulnerabilities in multiple products.

Status Type

Security Update

Date and Time

Wednesday, April 25, 2018 - 16:09

Reason

Security Update

Impact

  • OS X El Capitan 10.11.6
  • macOS Sierra 10.12.6
  • macOS High Sierra 10.13.4
  • iPhone 5s and later
  • iPad Air and later
  • iPod touch 6th generation

WHAT HAPPENED?

Apple has released security updates to address vulnerabilities in multiple products.

 

Advanced Users: For a complete description of the security enhancements and affected software refer to:

 

AFFECTED SYSTEMS:

  • OS X El Capitan 10.11.6
  • macOS Sierra 10.12.6
  • macOS High Sierra 10.13.4
  • iPhone 5s and later
  • iPad Air and later
  • iPod touch 6th generation

WHAT'S THE PROBLEM?

A remote attacker could exploit this vulnerability to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by IT Field Services or have other IT support, no action on your part is required.
  2. If you do not have IT support, refer to Apple’s Security Updates listed above for update information.

RELATED LINKS

 

Security Update: Cisco released 2 Critical and 9 High security advisories to address vulnerabilities in multiple products

Status Type

Security Update

Date and Time

Monday, April 23, 2018 - 09:31

Reason

Security update

Impact

Cisco users

WHAT HAPPENED

Cisco released 2 Critical and 9 High security advisories to address vulnerabilities in multiple products.

 

Advanced Users: For a complete description of the vulnerabilities visit:

 

Affected Systems:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
  • Cisco WebEx Meetings with client builds prior to T32.10
  • Cisco WebEx Meetings Server builds prior to 2.8 MR2
  • Cisco Unified Computing System (UCS) Director releases 6.0 and 6.5
  • Aggregation Services Router (ASR) 5700 Series
  • Virtualized Packet Core—Distributed Instance (VPC—DI) System Software
  • Virtualized Packet Core—Single Instance (VPC—SI) System Software
  • Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software
  • Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services
  • Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls
  • Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
  • Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
  • Firepower 4100 Series Appliances
  • FirePOWER 7000 Series Appliances
  • FirePOWER 8000 Series Appliances
  • Firepower 9300 Series Security Appliances
  • Firepower Threat Defense for Integrated Services Routers (ISRs)
  • Firepower Threat Defense Virtual for VMware
  • Industrial Security Appliance 3000
  • Sourcefire 3D System Appliances
  • Cisco Firepower Threat Defense (FTD) Software Releases 6.2.1 and 6.2.2
  • 3000 Series Industrial Security Appliances (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)
 

WHAT’S THE PROBLEM?

A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

 

WHAT DO I NEED TO DO?

Users and administrators are encouraged to review the above Cisco Security Advisory and apply the offered updates.

 

RELATED LINKS

Security Update: Drupal has released a MODERATELY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8

Status Type

Security Update

Date and Time

Monday, April 23, 2018 - 09:24

Reason

Security update

Impact

Drupal users

WHAT HAPPENED?

Drupal has released a MODERATELY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8.

 

Advanced Users: For the full Public Announcement refer to:

 

AFFECTED SYSTEMS:

  • Drupal 7 and 8

 

WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow an attacker to gain access to sensitive information.

 

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you use Drupal 8, update to Drupal 8.5.2 or Drupal 8.4.7:

https://www.drupal.org/project/drupal/releases/8.5.2

https://www.drupal.org/project/drupal/releases/8.4.7

  • The Drupal 7.x CKEditor contributed module is not affected if you are running CKEditor module 7.x-1.18 and using CKEditor from the CDN, since it currently uses a version of the CKEditor library that is not vulnerable.
  • If you installed CKEditor in Drupal 7 using another method (for example with the WYSIWYG module or the CKEditor module with CKEditor locally) and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/

 

RELATED LINKS

 

Security Update: Oracle has released its Critical Patch Update for April 2018 to address multiple vulnerabilities across multiple products

Status Type

Security Update

Date and Time

Wednesday, April 18, 2018 - 09:44

Reason

Security update

Impact

Oracle users

WHAT HAPPENED?

Oracle has released its Critical Patch Update for April 2018 to address multiple vulnerabilities across multiple products.

 

Advanced Users: For a complete description of the vulnerabilities and updates refer to:

 

AFFECTED SYSTEMS:

 

WHAT'S THE PROBLEM?

Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

  • Oracle strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay.

 

RELATED LINKS

 

 

Security Update: Cisco released 1 Critical and 1 High Advisory/Alerts to address vulnerabilities in its IOS and IOS XE Software

Status Type

Security Update

Date and Time

Wednesday, April 18, 2018 - 08:57

Reason

Security update

Impact

Cisco users

WHAT HAPPENED?

Cisco released 1 Critical and 1 High Advisory/Alerts to address vulnerabilities in its IOS and IOS XE Software.

 

Advanced Users: For a complete description of the vulnerability visit Cisco Security Advisories and Alerts at:

 

AFFECTED VERSIONS:

This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software.

 

WHAT'S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on an affected device.

 

WHAT DO I NEED TO DO?

Users and administrators are encouraged to review the Cisco Security Advisories, listed above, and apply the necessary updates.

 

RELATED LINKS

 

Security Update: Drupal has released a HIGHLY CRITICAL security advisory to address multiple vulnerabilities in Drupal 7.x and 8.5.x. There are now reports of active exploitation of this vulnerability to compromise servers and spread malware

Status Type

Security Update

Date and Time

Tuesday, April 17, 2018 - 08:27

Reason

Security update

Impact

Drupal users

WHAT HAPPENED?

Drupal has released a HIGHLY CRITICAL security advisory to address multiple vulnerabilities in Drupal 7.x and 8.5.x. There are now reports of active exploitation of this vulnerability to compromise servers and spread malware.

 

Advanced Users: For the full Public Announcement refer to:

 

AFFECTED SYSTEMS:

  • Drupal 6.x, 7.x, and 8.x

 

WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow an attacker to completely take over the site.

 

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you use Drupal 6.x, upgrade to Drupal 7.58 or 8.5.1. If a Drupal 6 site cannot be upgraded to Drupal 7 or 8, note that Drupal 6 is officially end of life; support and security patches may be available from third-party vendors: https://www.drupal.org/project/d6lts

 

RELATED LINKS

 

Security Update: Microsoft has released a security update to alert users that an information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed.

Status Type

Security Update

Date and Time

Friday, April 13, 2018 - 15:22

Reason

Security update

Impact

Microsoft users

WHAT HAPPENED?

Microsoft has released a security update to alert users that an information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed.

 

Advanced Users: For a complete description and affected software refer to:

 

AFFECTED SYSTEMS:

See Security Advisory listed above.

 

WHAT'S THE PROBLEM?

This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support or they do not support your computer, refer to the security advisory listed above.

 

RELATED LINKS

Security Update: Cisco released a security update to address 1 Critical vulnerability in its IOS and IOS XE Software.

Status Type

Security Update

Date and Time

Friday, April 13, 2018 - 15:19

Reason

Security update

Impact

Cisco users

WHAT HAPPENED?

Cisco released a security update to address 1 Critical vulnerability in its IOS and IOS XE Software.

 

Advanced Users: For a complete description of the vulnerability visit:

 

AFFECTED VERSIONS:

This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software.

 

WHAT'S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

 

WHAT DO I NEED TO DO?

Users and administrators are encouraged to review the Cisco Security Advisories, listed above, and apply the necessary updates.

 

RELATED LINKS

 

 

Security Update: VMware has released one Security Advisory to address IMPORTANT vulnerabilities in vRealize Automation (vRA)

Status Type

Security Update

Date and Time

Friday, April 13, 2018 - 15:14

Reason

Security update

 

Impact

VMware users

WHAT HAPPENED?

VMware has released one Security Advisory to address IMPORTANT vulnerabilities in vRealize Automation (vRA).

 

Advanced Users: For a complete description of the security enhancement and affected software refer to:

 

AFFECTED SYSTEMS:

  • vRealize Automation (vRA)

 

WHAT'S THE PROBLEM?

Successful exploitation of these issues may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

 

HOW DO I PROTECT MY COMPUTER?

VMware recommends that customers review the patch/release notes for their product and version and verify the checksum of the downloaded file.

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support, updates may be obtained through VMware Security Advisories listed above.

RELATED LINKS

 

QUESTIONS? NEED HELP?

The UCSF IT Service Desk is available by:

  1. Parnassus: Visit Kalmanovitz Library, Room 240 during library hours.

Security Update: Adobe has released a security update to address 4 Critical, 9 Important and 1 Moderate vulnerability in various products

Status Type

Security Update

Date and Time

Tuesday, April 10, 2018 - 15:26

Reason

Security update

Impact

Adobe users

WHAT HAPPENED?

Adobe has released a security update to address 4 Critical, 9 Important and 1 Moderate vulnerability in various products.

 

Advanced Users: For a complete description of the security enhancements and affected software refer to:

 

AFFECTED SYSTEM - Versions:

  • Adobe PhoneGap Push plugin 1.8.0 and earlier versions
  • Adobe Digital Editions 4.5.7 and below
  • Adobe InDesign CC 13.0 and below
  • Adobe Experience Manager Version 6.0-6.3
  • Adobe Flash Player 29.0.0.113 and earlier versions

 

WHAT'S THE PROBLEM?

Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support or they do not support your computer, refer to the Adobe Security Bulletin listed above for updates.

 

RELATED LINKS
