Please see Security Advisories for the week ending January 22, 2021
- Oracle Releases January 2021 Security Bulletin
- Drupal Releases Security Updates for Multiple Products
- Google Releases Security Updates for Chrome
- Cisco Releases Advisories for Multiple Products
________________________________
Oracle Releases January 2021 Security Bulletin
Situation
Oracle has released security updates for their products. These updates address 329 vulnerabilities across multiple products.
Problem
Oracle has patched a large number of severe vulnerabilities in its major products, including Enterprise Repository, Oracle Database Server, Oracle Java SE, Oracle VM VirtualBox, and many more.
Implication
If attackers are able to exploit these vulnerabilities, they may be able to take over affected systems.
Need
If you are using any Oracle product, make sure to update to the latest version.
For more information and a table breakdown for each product, please refer to the Oracle website at the link below:
https://www.oracle.com/security-alerts/cpujan2021.html
________________________________
Drupal Releases Security Updates for Multiple Products
Situation
Drupal has released a new security advisory for CVE-2020-36193, in which tar.php in Archive_Tar through 1.4.11 allows directory traversal because of inadequate checking of symbolic links. The issue is related to an earlier vulnerability, CVE-2020-28948.
Problem
Drupal has released patches for its Drupal 7, 8.9, 9.0, and 9.1 platforms. They found that a tar file could allow directory traversal by using symbolic links in the system structure.
Implication
Unpatched systems are vulnerable to exploitation of the two CVEs, which may lead to data leaks or possible remote access and compromise of the systems.
Need
Drupal has recommended updating to the latest version; however, versions prior to 8.9 are considered end of life and do not receive security coverage.
Drupal recommends installing the latest versions provided below to patch the known vulnerabilities.
Install the latest version:
If you are using Drupal 9.1, update to Drupal 9.1.3.
If you are using Drupal 9.0, update to Drupal 9.0.11.
If you are using Drupal 8.9, update to Drupal 8.9.13.
If you are using Drupal 7, update to Drupal 7.78.
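
The symbolic-link problem described above can be checked for before an uploaded archive is ever extracted. The following is an added example, not Drupal or Archive_Tar code: it uses Python's standard tarfile module, and the function names (escapes, audit_tar, build_sample) and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def escapes(path):
    """True if an archive-relative path resolves outside the extraction root."""
    norm = posixpath.normpath(path)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")

def audit_tar(fileobj):
    """Return (member, reason) pairs for entries that are unsafe to extract."""
    findings, symlinks = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            name = posixpath.normpath(m.name)
            if escapes(m.name):
                findings.append((m.name, "path escapes root"))
                continue
            parts = name.split("/")
            # Conservative: refuse any write below a symlink the archive created.
            if any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
                findings.append((m.name, "written through symlink"))
            if m.issym():
                symlinks.add(name)
                # Symlink targets are relative to the link's own directory.
                if escapes(posixpath.join(posixpath.dirname(name), m.linkname)):
                    findings.append((m.name, "symlink target escapes root"))
            elif m.islnk() and escapes(m.linkname):
                findings.append((m.name, "hardlink target escapes root"))
    return findings

def build_sample():
    """Constructed in-memory archive: two benign entries, three unsafe ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", link=None):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, io.BytesIO(data))
        add("docs/readme.txt", b"hello")
        add("docs/latest", link="readme.txt")
        add("uploads", link="../../outside")
        add("uploads/cfg.txt", b"x")
        add("../outside.txt", b"x")
    buf.seek(0)
    return buf
```

Calling audit_tar(build_sample()) reports the three unsafe members and leaves the two benign ones alone; an archive with any finding should be rejected rather than extracted.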
________________________________
Google Releases Security Updates for Chrome
Situation
Google has discovered and patched several vulnerabilities for its Chrome web browser software.
Problem
Google has identified several security vulnerabilities for its Chrome web browser software that an attacker can exploit to take control of affected systems.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Google has released Chrome version 88.0.4324.104 for Windows and 88.0.4324.96 for Mac and Linux. Please upgrade to the latest version to ensure that you are protected.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
________________________________
Cisco Releases Advisories for Multiple Products
Situation
Cisco has discovered and patched numerous vulnerabilities in several products: Cisco SD-WAN, Cisco DNA Center Command Runner, Cisco Smart Software Manager Satellite Web UI.
Problem
Cisco has patched numerous newly discovered vulnerabilities across its products. Unpatched systems are exposed to a multitude of vulnerabilities that could allow attackers to escalate privileges, perform information-gathering attacks, execute arbitrary code with root privileges as an unauthenticated remote attacker, and gain complete control of compromised systems.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Cisco advises patching to the most recent security updates. There are several security updates, so follow the Cisco technical link provided to ensure all necessary systems are patched.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x