My next class:

Adobe, Google and other Patch Tuesday patches

Published: 2013-11-12. Last Updated: 2013-11-14 17:03:00 UTC
by Johannes Ullrich (Version: 1)
6 comment(s)

Adobe

Adobe published two advisories today:

(Correction: APSB13-25 was released last month, and I have removed it from this diary. Instead, APSB13-27 was added below)

APSB13-26: Security Updates for Flash Player

This update affects the Windows, OS X as well as the Linux version of Adobe Flash Player 11.9 (11.2 for Linux) , as well as Adobe Air 3.9. The Flashplayer vulnerability is assigned a priority of "1" on Windows and OS X which indicates an exploit has been sighted in the wild and Adobe recommends patch "as soon as possible" (72 hrs).

Vulnerabilities that are covered by this patch: CVE-2013-5329, CVE-2013-5330.

APSB13-27: Hotfix for Coldfusion

This hotfix affects Coldfusion 9 as well as 10. Adobe assigned it a priority of 1 for Coldfusion 10 and 2 for Coldfusion 9.x . The hotfix patches two vulnerabilities:

1 - A reflective XSS vulnerability in Coldfusion 9/10 (CVE-2013-5326)
2 - An authentication bypass problem in Coldfusion 10 (CVE-2013-5328)

The second vulnerability which allows unauthorized remote read access is probably the reason this hotfix is rated "1" for Coldfusion 10.

 

Google

Google released a new version of Chrome today: Chrome 31. The update includes 25 security fixes. Not exactly a security fix, but still interesting: Chrome 31 improves the SSL ciphers by adding support for the AES-GCM ciphers.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords:
6 comment(s)
My next class:

Comments

I'm confused...

ASPB13-25 was released last month and Reader 11.0.05 was released on Oct 8th

http://www.adobe.com/support/security/bulletins/apsb13-25.html

??
Thanks. I fixed the diary. I think this may have happened because APSB13-27 isn't live yet, but listed on the security summary page.
Just something I noticed:
I went to :https://www.adobe.com/support/security/bulletins/apsb13-26.html
clicked on the top link and I get: http://get.adobe.com/flashplayer/

looking in Flagfox I see it is a Ukraine IP: 192.150.16.58
I then went to the top Domain in Adobe then to the downloads page and I get the same thing.
openDNS is my DNS resolver
Since when did Adobe start hosting the Flash downloads in the Ukraine? I'm thinking it could be bogus.

I just refreshed it twice now it shows as USA based Apache NOT JRun in Ukraine....odd stuff
192.150.16.0/24 seems to be some kind of anycast-announced netblock. So depending where I traceroute from, it would appear to be hosted in Dallas, or Dublin, or ...
Thanks... just seemed odd and after their breach trustworthiness is gone :)
> looking in Flagfox I see it is a Ukraine IP: 192.150.16.58

I looked at www.arin.net/whois -- that /24 is allocated to ADOBE, as is 192.150.15.0/24 and 192.150.17.0/24

Using NSLOOKUP with the '-debug' option shows a TTL of about 30 seconds for the result, either:

Name: get.wip4.adobe.com
Address: 192.150.16.58
Aliases: get.adobe.com

or:

Name: get.wip4.adobe.com
Address: 193.104.215.66
Aliases: get.adobe.com

i.e., somewhere in Texas or somewhere in Europe.

Round-robin load-balancing by Adobe's DNS-servers ?

adobe.com
nameserver = adobe-dns-03.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-05.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-04.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-02.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-01.adobe.com
ttl = 1955 (32 mins 35 secs)

Comments?

Diary Archives