Saturday, October 21, 2017

Tag: Server

| Product | Defect | Fixed releases availability |
|---|---|---|
| Cisco SocialMiner | CSCux41444 | |
| Cisco WebEx Meetings Server versions 1.x | CSCux41312 | 2.5MR6 (Available), 2.6MR1 (28-Jan-2016) |
| Cisco WebEx Meetings Server versions 2.x | CSCux41312 | 2.5MR6 (Available), 2.6MR1 (28-Jan-20... |
Cambridge UK, 26 October 2015 – A team from Redgate Software, the Cambridge UK based company behind the world’s leading SQL Server and .NET development tools, is devoting a week to work on the code for an open source biometric fingerprint system that will improve the lives of the poor in the developing world.

The system is used by SimPrints, a non profit tech company working with the Gates Foundation and charities like Médecins Sans Frontières to design a low cost biometric scanner that can be deployed in the field. With the scanner, a health worker can swipe a patient’s fingerprint to find and view the correct health records on a mobile device, either online or offline. The benefits in developing countries, where the lack of official identity documents like birth certificates or social security numbers can restrict access to healthcare, are obvious.

The SimPrints scanner works with most of the mobile tools used by health workers around the world and has the potential to dramatically improve vaccination coverage, TB monitoring, and maternal healthcare. The idea to help SimPrints is part of Down Tools Week, Redgate’s regular hackweek, where software developers, testers, UX designers, and project managers literally down tools to spend five days working on inspirational projects. The proposal was suggested to Redgate by Tristram Norman, the CTO of SimPrints, who saw an opportunity for the technology to take a big leap forward. “Our scanner uses SourceAFIS, the best open source automatic fingerprint identification system available,” he explains. “The codebase behind it is written in C#, but we want to rewrite it in C so that it works better with native Android which runs most of the mobile tools used by health workers around the world.” Tristram Norman calculated that it would take a single developer around 55 days to rewrite the source code – but that it might be possible for a team of Redgate developers to complete the task during Down Tools Week. The idea was suggested internally at Redgate and a dozen developers and testers signed up to work on it.

The aim is to rewrite the code in just five days in the first week of November and have a version working on the SimPrints Scanner so that it can be tested in the field. “We’re really excited about this,” says Jeff Foster, Head of Product Engineering at Redgate. “Down Tools Week is all about giving people the opportunity to expand their skills in new areas. The team working on the SimPrints project have a big task ahead of them, but there are lots of reasons to succeed and we’ll be providing all the help we can.”

“The potential is enormous,” adds Tristram Norman. “To have such a big team from Redgate focused solely on SimPrints for a week will mean we can shorten our development schedule and get our technology in use sooner in places like Bangladesh and Zambia where it’s desperately needed.”

Even if all the porting work isn’t completed within the hackweek at Redgate, the leap forward provided by a sustained week of effort from a large team of developers brings the challenge from difficult to possible in a short space of time. Professor Alain Labrique, Director of Johns Hopkins University Global mHealth Initiative, has already called SimPrints ‘a real game-changer for the foot soldiers of global health’.

The new initiative between Redgate and SimPrints means the vision of health workers being able to identify patients quickly and accurately in order to provide the right care is now a lot closer to reality.

– ENDS –

For further information, please contact:

Jeff Foster, Head of Product Engineering, Redgate Software
jeff.foster@red-gate.com
+44 (0)1223 438841

Tristram Norman, CTO, SimPrints
tristram@simprints.com

Redgate Software makes ingeniously simple software used by 650,000 IT professionals who work with SQL Server, .NET, and Oracle. More than 100,000 companies use Redgate products, including 91% of the Fortune 100. Redgate’s philosophy is to design highly usable, reliable tools which elegantly solve the problems that developers and DBAs face every day.

SimPrints is a non-profit tech company committed to improving the lives of the poor. Backed by the Gates Foundation and UKaid, SimPrints has developed a mobile biometric scanner using open source software to empower the mobile tools used by NGOs and governments around the world, and improve vaccination coverage, TB monitoring, and maternal healthcare projects.

Multiple vulnerabilities have been addressed in Junos Space 15.1R1 release. These include cross site scripting (XSS), SQL injection and command injection vulnerabilities.

These vulnerabilities may potentially allow a remote unauthenticated network based attacker with access to Junos Space to execute arbitrary code on Junos Space.

These vulnerabilities were found during internal product testing. These issues have been assigned CVE-2015-7753.

OpenJDK runtime was upgraded to 1.7.0 update_79 which resolves:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2014-0429 | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Vulnerability in Java 2D. |
| CVE-2014-0456 | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Vulnerability in Java Hotspot. |
| CVE-2014-0460 | 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Vulnerability in JNDI. |
| CVE-2014-0453 | 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N) | Vulnerability in Java Security. |

Following vulnerability was resolved in OpenNMS software included with Junos Space:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2015-0975 | 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) | OpenNMS Authenticated XXE |

KVM Package was upgraded to kvm-83-273.el5.centos.x86_64.rpm which resolves the following vulnerability:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2015-3209 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Heap-based buffer overflow vulnerability in the PCNET controller in QEMU. |

Mozilla NSS Package was upgraded to nss-3.18.0-6.el5_11 which resolves the following vulnerability:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2014-1568 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | NSS does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures. |

Apache HTTP Server was upgraded to 2.2.31 resolving the following issues:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2013-2249 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Vulnerability in Apache mod_session_dbd module. |
| CVE-2013-6438 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service in Apache mod_dav module. |
| CVE-2014-0098 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service in Apache mod_log_config module. |

MySQL was upgraded to 5.6.23 which resolves the following vulnerabilities that may pose a risk to MySQL as used in Junos Space:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2014-6491 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Vulnerability in MySQL Server related to SERVER:SSL:yaSSL. |
| CVE-2014-6500 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Vulnerability in MySQL Server related to SERVER:SSL:yaSSL. |
| CVE-2015-0501 | 5.7 (AV:N/AC:M/Au:M/C:N/I:N/A:C) | Vulnerability in MySQL Server related to Server : Compiling. |
| CVE-2014-6478 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Vulnerability in MySQL Server related to SERVER:SSL:yaSSL. |
| CVE-2014-6494 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Vulnerability in MySQL Server related to CLIENT:SSL:yaSSL. |
| CVE-2014-6495 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Vulnerability in MySQL Server related to SERVER:SSL:yaSSL. |
| CVE-2014-6496 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Vulnerability in MySQL Server related to CLIENT:SSL:yaSSL. |
| CVE-2014-6559 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Vulnerability in MySQL Server related to C API SSL CERTIFICATE HANDLING. |
| CVE-2015-2620 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Vulnerability in MySQL Server related to Server : Security : Privileges. |
| CVE-2013-5908 | 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) | Vulnerability in MySQL Server related to Error Handling. |

The following software releases have been updated to resolve these issues: Junos Space 15.1R1, and all subsequent releases.

CVE-2015-0975 is being tracked as PR 1060097. CVE-2015-3209 is being tracked as PR 1067419. OpenJDK JRE upgrade is being tracked as PR 987851. Apache upgrade is being tracked as PR 987853. MySQL upgrade is being tracked as PR 987852. These PRs are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

As a workaround, use access lists or firewall filters to limit access to the device, so that it can only be accessed from trusted hosts which are restricted from accessing potentially hazardous sites and services. Restrict access to only highly trusted administrators.

To mitigate XSS vulnerabilities with Junos Space use a dedicated client and dedicated web browser that is not used to access other sites.

Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories"

The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in June and July 2015:

| CVE | CVSS v2* base score | Summary |
|---|---|---|
| CVE-2015-1791 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. |
| CVE-2015-1793 | 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) | An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. |
| CVE-2015-1790 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. |
| CVE-2015-1792 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. |
| CVE-2015-1788 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. |
| CVE-2015-1789 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. |

*CVSS v2 scores provided for backward compatibility with NVD.

Junos OS is affected by one or more of these vulnerabilities. Note that CVE-2014-8176 was also included in an OpenSSL advisory, but no Juniper products use DTLS for communication.

The following software releases have been updated to resolve this specific issue: Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3R11, 12.3X48-D20, 13.2X51-D40, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20, and all subsequent releases.

OpenSSL library has been upgraded to 0.9.8zg in Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3R11, 12.3X48-D20, 13.2X51-D40 and subsequent releases.

OpenSSL library has been upgraded to 1.0.1p in Junos OS 12.1X46-D55, 12.1X47-D45, 12.3X48-D30, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20, and all subsequent releases to resolve all vulnerabilities listed above.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue is being tracked for Junos OS as PRs 1095598, 1095604, 1103020 and 1153463 which are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:

- Disabling J-Web
- Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes
- Limit access to J-Web and XNM-SSL from only trusted networks

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:

2015-10-14: Initial publication
2016-10-05: Update the list of Junos releases which have OpenSSL 1.0.1p or later (i.e. added 12.1X46-D55, 12.1X47-D45, 12.3X48-D30).

Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories"

| Product | Defect | Fixed releases availability |
|---|---|---|
| Cisco WebEx Meetings Server versions 1.x | CSCuu82698 | 2.0.1.915 and later |
| Cisco WebEx Meetings Server versions 2.x | CSCuu82698 | 2.0.1.915 and later |
| Cisco WebEx Node for MCS | CSCuu82686 | 3.12.9.1 (July 2015) |
| Cisco WebEx Social | CSCuu82594 | No additional releases are planned. |
| Cisco Agent for OpenFlow | CSCuu82738 | 4.002 (TBD) |
| Cisco AnyConnect Secure Mobility Client for Android | CSCuu83398 | A patch will be available July 2015. |
| Cisco AnyConnect Secure Mobility Client for Linux | CSCuu83398 | A patch will be available July 2015. |
| Cisco AnyConnect Secure Mobility Client for Windows | CSCuu83398 | A patch will be available July 2015. |
| Cisco AnyConnect Secure Mobility Client for iOS | CSCuu83398 | A patch will be available July 2015. |
| Cisco Jabber Guest 10.0(2) | CSCuu83421 | 10.7 (TBD) |
| Cisco Jabber Software Development Kit | CSCuu82560 | 11.0(0) (26-Aug-2015) |
| Cisco Jabber for Android | CSCuu83433 | 11.0 (TBD) |
| Cisco Jabber for Mac | CSCuu82558 | 11.0(1) (TBD) |
| Cisco Jabber for Windows | CSCuu82561 | 11.0 (July 2015) |
| Cisco Jabber for iOS | CSCuu82555 | 11.0 (Aug. 2015) |
| Cisco WebEx Meetings Client - Hosted | CSCuu83331 | Affected systems have been updated. |
| Cisco WebEx Meetings Client - On-Premises | CSCuu82694 | Affected systems have been updated. |
| Cisco WebEx Meetings for Android | CSCuu82689 | 8.5 (Sept. 2015) |
| WebEx Meetings Server - SSL Gateway | CSCuu82699 | 2.6 (TBD) |
| WebEx Recording Playback Client | CSCuu82702 | Affected systems have been updated. |
| Cisco ACE 30 Application Control Engine Module | CSCuu82343 | Affected systems have been updated. |
| Cisco ACE 4710 Application Control Engine (A5) | CSCuu82343 | Affected systems have been updated. |
| Cisco Application and Content Networking System (ACNS) | CSCuu82717 | 5.5.41 (Oct. 2015) |
| Cisco InTracer | CSCuu83316 | 16.4.0 (TBD) |
| Cisco Network Admission Control (NAC) | CSCuu83378 | A patch will be available for vulnerable releases Oct. 2015. |
| Cisco Visual Quality Experience Server | CSCuu83371 | 3.10.3 (24-July-2015), 3.9.6 (31-July-2015), 3.8.7 (7-Aug-2015) |
| Cisco Visual Quality Experience Tools Server | CSCuu83371 | 3.10.3 (24-July-2015), 3.9.6 (31-July-2015), 3.8.7 (7-Aug-2015) |
| Cisco Wide Area Application Services (WAAS) | CSCuu82735 | 5.5.5 (7-Aug-2015), 6.1.0 (Sept. 2015) |
| Cisco ASA CX and Cisco Prime Security Manager | CSCuu82737 | Affected systems will be updated 31-July-2015. |
| Cisco Adaptive Security Appliance (ASA) | CSCuu83280 | 9.2.4.1 |
| Cisco Content Security Appliance Updater Servers | CSCuu83328 | 2.0.3 (TBD) |
| Cisco Content Security Management Appliance (SMA) | CSCuu82683 | Affected systems will be updated by 30-Jun-2015. |
| Cisco Email Security Appliance (ESA) | CSCuu82678 | TBD |
| Cisco FireSIGHT System Software | CSCuu82682 | 5.3.0.7 (14-Sept-2015), 5.3.1.6 (14-Sept-2015), 5.4.0.4 (14-Sept-2015), 5.4.1.3 (14-Sept-2015) |
| Cisco IPS | CSCuu82497 | Cisco IPS 7.1.11 (TBD), Cisco IPS 7.3.5 (TBD) |
| Cisco Identity Services Engine (ISE) | CSCuu83386 | 1.4 (Oct 2015), 2.0 (Oct 2015) |
| Cisco IronPort Encryption Appliance (IEA) | CSCuu82681 | No additional releases are planned. |
| Cisco NAC Guest Server | CSCuu82729 | No additional releases are planned. |
| Cisco NAC Server | CSCuu82725 | A patch will be available for vulnerable releases Oct. 2015. |
| Cisco Physical Access Control Gateway | CSCuu82476 | 1.5.4 (15-Aug-2015) |
| Cisco Secure Access Control Server (ACS) | CSCuu82493 | 5.008 (TBD) |
| Cisco Web Security Appliance (WSA) | CSCuv84060 | 9.0.0 (TBD) |
| Cisco Application Networking Manager | CSCuu82344 | ANM OVA 5.2.7 (TBD) |
| Cisco Cloupia Unified Infrastructure Controller | CSCuu83341 | 5.3.2.0 (30-Jul-2015), 5.4.0.0 (30-Oct-2015) |
| Cisco MATE Collector | CSCuv32694 | 6.2.1 (Aug/Sept 2015), 6.1.4 (Aug/Sept 2015) |
| Cisco MATE Design | CSCuv32694 | 6.2.1 (Aug/Sept 2015), 6.1.4 (Aug/Sept 2015) |
| Cisco MATE Live | CSCuv32694 | 6.2.1 (Aug/Sept 2015), 6.1.4 (Aug/Sept 2015) |
| Cisco Mobile Wireless Transport Manager | CSCuu83361 | 6.001 (10-July-2015) |
| Cisco Multicast Manager | CSCuu82380 | No additional releases are planned. |
| Cisco Netflow Collection Agent | CSCuu82404 | 1.1.1 (12-July-2015) |
| Cisco Network Analysis Module | CSCuu82402 | 6.2.1 (12-July-2015) |
| Cisco Packet Tracer | CSCuu82441 | 7.0 (24-July-2015) |
| Cisco Prime Access Registrar | CSCuu82382 | 7.0.1 |
| Cisco Prime Collaboration Assurance | CSCuu82409 | PCA 11.0 (Aug. 2015) |
| Cisco Prime Collaboration Deployment | CSCuu82533 | 11.5 (TBD) |
| Cisco Prime Collaboration Provisioning | CSCuu82408 | 11.0 (31-July-2015) |
| Cisco Prime Data Center Network Manager (DCNM) | CSCuu82350 | Affected systems have been updated. |
| Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCuu83360 | 2.2.0.14 (July 2015) |
| Cisco Prime Infrastructure | CSCuu82403 | 3.0 (Aug. 2015) |
| Cisco Prime LAN Management Solution (LMS - Solaris) | CSCuu82378 | 4.002(005) (Aug. 2015) |
| Cisco Prime License Manager | CSCuu82442 | 11.0 (TBD) |
| Cisco Prime Network Registrar (CPNR) | CSCuu82381 | 8.1.x (TBD), 8.2.x (TBD), 8.3.2 (Sept. 2015) |
| Cisco Prime Network Registrar IP Address Manager (IPAM) | CSCut84576 | IPAM 8.1.3 OVA |
| Cisco Prime Network Services Controller | CSCuu82412 | Affected versions have been updated. |
| Cisco Prime Network | CSCuu82370 | Affected systems have been updated. |
| Cisco Prime Optical for Service Providers | CSCuu82386 | A patch will be available 25-July-2015. |
| Cisco Prime Performance Manager | CSCuu82372 | 1.6. (31-July-2015), 1.7 (Sept 2015) |
| Cisco Prime Security Manager | CSCuu82733 | 9.3.5.1 (July 2015) |
| Cisco Security Manager | CSCuu82411 | 4.7 SP2CP1 (31-July-2015), 4.8 SP1 (31-July-2015), 4.9 FCS (31-Aug-2015) |
| Cisco Show and Share (SnS) | CSCuu82449 | 5.6.1 (Aug. 2015) |
| Cisco UCS Central | CSCuu82364 | 1.4(1a) (Dec. 2015) |
| Local Collector Appliance (LCA) | CSCuu82760 | 2.2.10 (31-July-2015) |
| Cisco 910 Industrial Router | CSCuu85190 | 1.2.1 (30-Jun-2015) |
| Cisco ASR 5000 Series | CSCuu83317 | 20.0 (TBD) |
| Cisco Application Policy Infrastructure Controller (APIC) | CSCuu83343 | 1.1(2h), 1.2(1) (pending) |
| Cisco Connected Grid Router - CGOS | CSCuu82349 | Please migrate to NXT. |
| Cisco Connected Grid Router | CSCuu83373 | See CSCuu82763 for fixed releases. |
| Cisco IOS Software and Cisco IOS XE Software | CSCuu82607 | 15.5(03)S (TBD) |
| Cisco IOS XE Software (Web UI feature only) | CSCuu82763 | (TBD) |
| Cisco IOS XR Software | CSCuu83297 | See CSCur26433 for fixed releases. |
| Cisco MDS 9000 Series Multilayer Switches | CSCuv71201 | 6.2.15 (Dec. 2015) |
| Cisco Nexus 1000V InterCloud | CSCuu82353 | 3.1.1 (TBD) |
| Cisco Nexus 1000V Series Switches | CSCuu82360 | N1K 5.2(1)SV3(1.5) (July 2015) |
| Cisco Nexus 1010 | CSCuu82470 | 5.2(1)SP1(7.4) (Oct. 2015) |
| Cisco Nexus 3X00 Series Switches | CSCuu82362 | (TBD) |
| Cisco Nexus 4000 Series Blade Switches | CSCuu82499 | 4.1(2)E1(1p) (31-July-2015) |
| Cisco Nexus 5000 Series Switches | CSCuu83350 | 7.1(2)N1(1) |
| Cisco Nexus 6000 Series Switches | CSCuu83350 | 7.1(2)N1(1) |
| Cisco Nexus 7000 Series Switches | CSCuu82356 | 6.2.14 (15-Aug-2015), 7.2 (30-Sept-2015) |
| Cisco Nexus 9000 (ACI/Fabric Switch) | CSCuu83344 | |
| Cisco Nexus 9000 Series (standalone, running NxOS) | CSCuu82359 | 7.0(3)I2(1).(30-Jun-2015) |
| Cisco ONS 15454 Series Multiservice Provisioning Platforms | CSCuu82475 | 10.52 |
| Cisco OnePK All-in-One VM | CSCuu82474 | Admin update via shell |
| Cisco Service Control Operating System | CSCuu82515 | 5.2.0 (Sept. 2015) |
| Cisco RV180W Wireless-N Multifunction VPN Router | CSCuu83390 | No further releases are planned. |
| Cisco Sx220 Switches | CSCuu83388 | 1.1.x.x (TBD) |
| Cisco Sx300 Switches | CSCuu83393 | 1.5.x.x (June 2016) |
| Cisco Sx500 Switches | CSCuu83395 | 1.5..x.x (June 2016) |
| Cisco Standalone Rack Server CIMC | CSCuu82366 | 2.0.8 (Aug. 2015) |
| Cisco UCS Invicta Series Solid State Systems | CSCuu82354 | TBD |
| Cisco Unified Computing System (Management software) | CSCuu83383 | 3.1(0.9)A (Oct. 2015) |
| Cisco Unified Computing System B-Series Blade Servers | CSCuu83352 | 2.2.7 (Feb. 2016) |
| Cisco Virtual Security Gateway | CSCuu83351 | 5.2(1)VSG2(1.4) (Aug. 30 2015) |
| Cisco Virtualization Experience Media Engine | CSCuu83434 | No further releases planned. |
| Cisco 190 ATA Series Analog Terminal Adaptor | CSCuu82526 | 1.2.2 (June 2016) |
| Cisco 8800 Series IP Phones - VPN Feature | CSCuu83429 | 11.0 (TBD) |
| Cisco ATA 187 Analog Telephone Adaptor | CSCuu82570 | 9.2(3) (30-Dec-2015) |
| Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCuu83413 | 11.0 (Aug. 2015) |
| Cisco Agent Desktop | CSCuu82330 | 9.5(1) (TBD) |
| Cisco Computer Telephony Integration Object Server (CTIOS) | CSCuu82335 | 11.0 (TBD) |
| Cisco DX Series IP Phones | CSCuu82576 | TBD |
| Cisco Emergency Responder | CSCuu82547 | 11.5 (TBD) |
| Cisco Finesse | CSCuu83416 | |
| Cisco Hosted Collaboration Mediation Fulfillment | CSCuu82553 | 10.6.2 (TBD) |
| Cisco IM and Presence Service (CUPS) | CSCuu82551 | 11.5.0.98000-120 (TBD) |
| Cisco IP Interoperability and Collaboration System (IPICS) | CSCuu82461 | IPICS 5.0 (Dec. 2015) |
| Cisco MediaSense | CSCuu82571 | 10.5 (TBD), 11.0 (TBD) |
| Cisco MeetingPlace | CSCuu82563 | 8.6 (9-July-2015) |
| Cisco Paging Server (InformaCast) | CSCuu82554 | 11.0.2 (6-July-2015) |
| Cisco Paging Server | CSCuu82554 | 11.0.2 (6-July-2015) |
| Cisco SPA112 2-Port Phone Adapter | CSCuu82486 | 1.4.1 (31-Oct-2015) |
| Cisco SPA122 ATA with Router | CSCuu82486 | 1.4.1 (31-Oct-2015) |
| Cisco SPA232D Multi-Line DECT ATA | CSCuu82486 | 1.4.1 (31-Oct-2015) |
| Cisco SPA30X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015) |
| Cisco SPA50X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015) |
| Cisco SPA51X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015) |
| Cisco SPA525G | CSCuu82487 | 7.6.1 (17-Sept-2015) |
| Cisco SocialMiner | CSCuu82529 | 11.5(1) |
| Cisco Unified 7800 Series IP Phones | CSCuu82579 | 11.0 (Oct. 2015) |
| Cisco Unified 8831 Series IP Conference Phone | CSCuu82568 | 10.3.2 (Oct. 2015) |
| Cisco Unified 8945 IP Phone | CSCuu83426 | TBD |
| Cisco Unified 8961 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016) |
| Cisco Unified 9951 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016) |
| Cisco Unified 9971 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016) |
| Cisco Unified Attendant Console Advanced | CSCuu82523 | 11.0.1 (19-Aug-2015) |
| Cisco Unified Attendant Console Business Edition | CSCuu82523 | 11.0.1 (19-Aug-2015) |
| Cisco Unified Attendant Console Department Edition | CSCuu82523 | 11.0.1 (19-Aug-2015) |
| Cisco Unified Attendant Console Enterprise Edition | CSCuu82523 | 11.0.1 (19-Aug-2015) |
| Cisco Unified Attendant Console Premium Edition | CSCuu82523 | 11.0.1 (19-Aug-2015) |
| Cisco Unified Attendant Console Standard | CSCuu82525 | 11.5(1) (Sept. 2015) |
| Cisco Unified Communications Domain Manager | CSCuu82540 | Affected systems have been updated. |
| Cisco Unified Communications Manager (UCM) | CSCuu82530 | 11.5 (TBD) |
| Cisco Unified Communications Manager Session Management Edition (SME) | CSCuu82530 | 11.5 (TBD) |
| Cisco Unified Contact Center Enterprise | CSCuu82335 | 11.0 (TBD) |
| Cisco Unified Contact Center Express | CSCuu82538 | 11.0 (Aug. 2015) |
| Cisco Unified IP Conference Phone 8831 for Third-Party Call Control | CSCuu82519 | 9.3(5) (31-Dec-2015) |
| Cisco Unified IP Phone 7900 Series | CSCuu82580 | 9.4(1)SR1.2 |
| Cisco Unified Intelligence Center (CUIC) | CSCuu82332 | 11.5 (May 2016) |
| Cisco Unified Intelligent Contact Management Enterprise | CSCuu82335 | 11.0 (TBD) |
| Cisco Unified SIP Proxy | CSCuu82329 | 8.5(x) (June 2016), 9.0.1 (June 2016) |
| Cisco Unified Wireless IP Phone | CSCuu83436 | 1.4.8 (Dec. 2015) |
| Cisco Unified Workforce Optimization | CSCuu82595 | 10.5 SR611.0 |
| Cisco Unity Connection | CSCuu83410 | 9.1(2) (TBD), 11.5 (TBD), 10.5(2) (TBD) |
| Cisco AnyRes Live (CAL) | CSCuu82742 | 9.6 (Aug. 2015) |
| Cisco D9036 Modular Encoding Platform | CSCuu82746 | 2.4 (Oct. 2015) |
| Cisco Digital Media Players (DMP) 4300 Series | CSCuu83362 | 5.4(1)RB(2P3) (15-July-2015), 5.3(6)RB(2P3) (15-July-2015) |
| Cisco Digital Media Players (DMP) 4400 Series | CSCuu83362 | 5.4(1)RB(2P3) (15-July-2015), 5.3(6)RB(2P3) (15-July-2015) |
| Cisco Edge 300 Digital Media Player | CSCuu82504 | 1.6RB3 (15-July-2015) |
| Cisco Edge 340 Digital Media Player | CSCuu82505 | 1.2 (15-July-2015) |
| Cisco Enterprise Content Delivery System (ECDS) | CSCuu83363 | 2.6.5 (31-July-2015) |
| Cisco Expressway Series | CSCuu82459 | X8.6 (July 2015) |
| Cisco Headend System Release | CSCuu86854 | 3.0.2 |
| Cisco Internet Streamer (CDS) | CSCuu82713 | 4.2 (TBD) |
| Cisco Jabber Video for TelePresence (Movi) | CSCuu82436 | No additional releases are planned. |
| Cisco Media Experience Engines (MXE) | CSCuu83369 | MXE3500 v3.5 (22-Jun-2015) |
| Cisco Media Services Interface | CSCuu82417 | No additional releases are planned. |
| Cisco Model D9485 DAVIC QPSK | CSCuu82739 | 1.2.19 (31-Jul-2015) |
| Cisco TelePresence 1310 | CSCuu82518 | |
| Cisco TelePresence Advanced Media Gateway Series | CSCuu82419 | No additional releases are planned. |
| Cisco TelePresence Conductor | CSCuu82420 | X4.0 (27-July-2015) |
| Cisco TelePresence Content Server (TCS) | CSCuu74320 | 6.3 (21-July-2015) |
| Cisco TelePresence EX Series | CSCuu82450 | 7.3.3 (19-June-2015) |
| Cisco TelePresence ISDN GW 3241 | CSCuu82429 | 2.2MR5 (Sept. 2015) |
| Cisco TelePresence ISDN GW MSE 8321 | CSCuu82429 | 2.2MR5 (Sept. 2015) |
| Cisco TelePresence ISDN Link | CSCuu82431 | 1.1.6 (Jan. 2016) |
| Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) | CSCuu82435 | 4.5MR2 (July 2015) |
| Cisco TelePresence MX Series | CSCuu82450 | 7.3.3 (19-June-2015) |
| Cisco TelePresence Profile Series | CSCuu82450 | 7.3.3 (19-June-2015) |
| Cisco TelePresence SX Series | CSCuu82450 | 7.3.3 (19-June-2015) |
| Cisco TelePresence Serial Gateway Series | CSCuu82447 | 1.0MR5 (Oct. 2015) |
| Cisco TelePresence Server 8710, 7010 | CSCuu82452 | 4.2 (July 2015) |
| Cisco TelePresence Server on Multiparty Media 310, 320 | CSCuu82452 | 4.2 (July 2015) |
| Cisco TelePresence Server on Virtual Machine | CSCuu82452 | 4.2 (July 2015) |
| Cisco TelePresence Supervisor MSE 8050 | CSCuu82437 | 2.3 (July 2015) |
| Cisco TelePresence System 1000 | CSCuu82518 | |
| Cisco TelePresence System 1100 | CSCuu82518 | |
| Cisco TelePresence System 1300 | CSCuu82518 | |
| Cisco TelePresence System 3000 Series | CSCuu82518 | |
| Cisco TelePresence System 500-32 | CSCuu82518 | |
| Cisco TelePresence System 500-37 | CSCuu82518 | |
| Cisco TelePresence TX 9000 Series | CSCuu82518 | |
| Cisco TelePresence Video Communication Server (VCS) | CSCuu82459 | X8.6 (July 2015) |
| Cisco Telepresence Integrator C Series | CSCuu82450 | 7.3.3 (19-June-2015) |
| Cisco VEN501 Wireless Access Point | CSCuu82710 | 20.2.48.11 (July 2015) |
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCuu83370 | 4.2 (31-July-2015) |
| Cisco Video Surveillance 3000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016) |
| Cisco Video Surveillance 4000 Series High-Definition IP Cameras | CSCuu82478 | Affected systems will be updated 31-Jan-2016. |
| Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras | CSCuu82479 | Affected systems will be updated 31-Jan-2016. |
| Cisco Video Surveillance 6000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016) |
| Cisco Video Surveillance 7000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016) |
| Cisco Video Surveillance Media Server | CSCuu82481 | 7.7.0 (26-Sept-2015) |
| Cisco Video Surveillance PTZ IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016) |
| Cisco Videoscape Control Suite | CSCuu86705 | 3.6 (TBD) |
| Cloud Object Store (COS) | CSCuu82712 | 2.1.2 (Available), 3.0.1 (24-July-2015) |
| Tandberg Codian ISDN GW 3210/3220/3240 | CSCuu82429 | 2.2MR5 (Sept. 2015) |
| Tandberg Codian MSE 8320 Model | CSCuu82429 | 2.2MR5 (Sept. 2015) |
| Cisco IOS Access Points | CSCuu71585 | See CSCuu82607 for first fixes. |
| Cisco Mobility Services Engine (MSE) | CSCuu83358 | 8.0 - 8.0.130.0 (15-Oct-2015) |
| Cisco Wireless LAN Controller (WLC) | CSCuu82416 | 8.2 and previous releases (Nov. 2015) |
| Cisco Common Services Platform Collector | CSCuu82668 | Affected systems have been updated. |
| Cisco Connected Analytics For Collaboration | CSCuu82671 | A patch will be available June 30, 2015. |
| Cisco Intelligent Automation for Cloud | CSCuu82460 | A patch file is available for vulnerable releases. |
| Cisco Registered Envelope Service (CRES) | CSCuu83326 | 4.4.1 (10-Jun-2015) |
| Cisco Universal Small Cell 5000 Series running V3.4.2.x software | CSCuu82508 | V3.4.2.24 (July 2015) |
| Cisco Universal Small Cell 7000 Series running V3.4.2.x software | CSCuu82508 | V3.4.2.24 (July 2015) |
| Cisco Universal Small Cell CloudBase | CSCuu83403 | TBD |
| Cisco WebEx Messenger Service | CSCuu82700 | 7.9.8 EP 1 (19-Jun-2015) |
| Cisco Webex Multimedia Platform | CSCuu83333 | 3.8.3.1 |
| Partner Supporting Service (PSS) 1.x | CSCuu83380 | 2.7 (10-Jul-2015) |
| Small Cell factory recovery root filesystem V2.99.4 or later | CSCuu83402 | TBD |

On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware.

The fl...
Google plans to disable support for SSL 3.0 in an upcoming Chrome release. Mozilla has similar intentions.

Google researchers first publicly disclosed a flaw dubbed "POODLE" in the SSL 3.0 protocol on Oct. 14. Though Google made a patch available for servers to help mitigate the risk, one of the best long-term solutions to the flaw is for browser vendors to drop support for SSL 3.0, which is now what Google is pledging to do for its Chrome browser.

The POODLE, or Padding Oracle On Downgraded Legacy Encryption, vulnerability could potentially enable an attacker to access and read encrypted communications. SSL 3.0 is a legacy protocol that has been replaced by the newer TLS 1.2, although many browser and server vendors have still supported SSL 3.0 as a fallback mechanism.

In a mailing list posting, Google developer Adam Langley wrote that for the upcoming Chrome 39 stable release, SSL 3.0 fallback will be disabled. "SSLv3 fallback is only needed to support buggy HTTPS servers," Langley wrote. "Servers that correctly support only SSLv3 will continue to work (for now), but some buggy servers may stop working."

If a user hits a server or online application that doesn't work, due to the SSL 3.0 fallback removal, Chrome will show a yellow badge over the lock icon in the browser. By disabling the fallback and showing the yellow warning badge, Google is giving site owners a chance to update their sites before dropping SSL 3.0 entirely. The current plan is for Chrome 40 to completely disable SSL 3.0 support.

Google isn't the only browser vendor to take steps to limit the risk of POODLE. The upcoming Mozilla Firefox 34 release is also set to remove support for SSL 3.0. Microsoft, however, is taking a slightly different tack for its Internet Explorer browser. There is now a "Fix it" tool from Microsoft to disable support for SSL 3.0. When POODLE was first reported on Oct. 14, Microsoft wrote in an advisory that, "considering the attack scenario, this vulnerability is not considered high risk to customers."

Apple has also taken steps to limit its users' exposure to POODLE. In its Mac OS X operating systems, Apple has not entirely blocked SSL 3.0, but rather has disabled the use of CBC, or cipher block chaining, with Secure Sockets Layer (SSL), which is at the root cause of the POODLE flaw.

Though the POODLE flaw was disclosed two weeks ago, to date there have been no public reports of any exploitation as a result of the vulnerability. In contrast, a SQL injection vulnerability reported in the open-source Drupal content management system on Oct. 15 was exploited by attackers within seven hours.

The fact that POODLE has not been actively exploited is likely due to a number of factors, including very low usage of SSL 3.0. Mozilla noted when POODLE was first disclosed that SSL 3.0 only accounted for 0.3 percent of all HTTPS connections.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

When it comes to all things cyber there is a tendency to always look for a technology solution. Yet although technology is an essential part of any cyber solution, it is people using technology and many other skills who deliver genuine cyber resilience. The reality is lots of different types of people and skills are required to ‘ride the wave of chaos’ that cyber threats create in what is perhaps the most complex and dynamic ‘market’ in the world. So first, what is cyber resilience; second, what skills and people are needed; and how do we develop people and teams?

Cyber resilience is the capability of an organisation (public or private) to have the agility to be proactive, responsive, robust, flexible and adaptive to cyber threats and attacks. In an era of ‘industrial’ levels of cyber crime, thieves and other attackers will find the combination of attack characteristics (vectors, payloads, behaviours and effects) to circumvent any security capabilities that are in place, to achieve their aim.

To be resilient requires a genuine ‘board room to server room’ approach. This includes organisations strategically accepting a level of risk and proactively managing it, supported by a diverse and practiced team. This team, stretching across all business functions and often including external stakeholders, needs to be able to communicate, collaborate, and establish mutual trust and shared understanding, to develop the necessary agility required for cyber resilience against complex, dynamic and uncertain attacks by criminals and others.

But who are the people and what skills are needed to develop cyber resilience? The answer goes well beyond the traditional and important pool of academic and certified personal qualifications. These are important skills and have a high cost of entry, and can lead to a narrow focus on encouraging a particular type of person, whilst perhaps discouraging people outside the IT area to engage with and to understand the issues and risks. It deceives organisations into thinking this is a technology problem and solution – it isn’t. But a narrow focus on these ‘black arts’ skills can also lead to a very narrow recruitment pool and career path with few opportunities to grow and bring value beyond cyber security.

So to widen the talent pool and to help engage the wider organisation to develop cyber resilience requires a change of approach. In particular, to develop an education and training programme which can be opened up to apprentices and to draw people in from other disciplines, who understand the business and can communicate effectively the risks and consequences of different attacks. This broadening of the team skills and backgrounds should increasingly enable organisations to ‘think thief’ and ‘join the dots’ when considering different cyber attacks.

This change of approach needs to move from traditional paper-based and didactic learning to more individual experiential learning – learning through reflection on doing; and cooperative learning, where problems are solved through collaboration and using the collective resources and skills. This can bring together software and network engineers, data analysts, business operations, corporate communications, business continuity, crisis management, psychology, security and other disciplines, in a similar way that those exploiting business intelligence and big data often fuse teams from different disciplines and goes beyond contextual analytics, but rather really exploits them.

This approach can encourage and identify those people who are only constrained by their imagination and their ‘chutzpah’ to try it; these are the type of people who can social engineer their way to achieving their chosen effect, or understand how others may. With these multi-skilled teams drawing expertise from across the technical and business teams of an organisation, a more agile (software) manifesto type approach of iterative development of cyber resilience can be achieved.

This can range from identifying vulnerabilities to developing incident response plans across all business functions, so that when an attack occurs the consequences can be effectively managed whilst the diagnosis and remediation is taking place.

The reality is every organisation will be attacked; the best way to manage this risk is to develop organisational cyber resilience. This requires new approaches to widening and rapidly developing the talent pool at its centre.

Richard Preece is a director of cyber training specialist cybX

It's all too easy to neglect data security, especially for a small business. While bigger organizations have IT departments, service contracts, and enterprise hardware, smaller companies frequently rely on consumer software, which lacks the same sort of always-on security functionality. But that doesn’t mean that your data is unimportant, or that it has to be at risk. Encryption is a great way...