Highlights and Updates

VMware Releases Security Update

Thursday, 18th February 2021

VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update.

Google Releases Security Updates for Chrome

Wednesday, 3rd February 2021

Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Apple Releases Security Updates

Tuesday, 2nd February 2021

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Apple security update and apply the necessary updates.

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

Tuesday, 2nd February 2021

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.

Apple Releases Security Updates

Wednesday, 27th January 2021

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users to review the Apple security pages for the following products and apply the necessary updates.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Wednesday, 27th January 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Mozilla Security Advisories for Firefox 85FirefoxESR 78.7, and Thunderbird 78.7 and apply the necessary updates.

Cisco Releases Advisories for Multiple Products

Thursday, 21st January 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

Drupal Releases Security Updates

Thursday, 21st January 2021

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations.

Google Releases Security Updates for Chrome

Thursday, 21st January 2021

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Oracle Releases January 2021 Security Bulletin

Thursday, 21st January 2021

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.