-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0003.10
Synopsis: VMware product updates address critical information
disclosure issue in JRE.
Issue date: 2015-04-02
Updated on: 2015-08-14
CVE number: CVE-2014-6593, for other CVEs see JRE reference
- ------------------------------------------------------------------------
1. Summary
VMware product updates address critical information disclosure
issue in JRE.
2. Relevant Releases
Horizon View 6.x or 5.x
Horizon Workspace Portal Server 2.1 or 2.0
Horizon DaaS Platform 6.1.4 or 5.4.5
vCloud Networking and Security prior to 5.5.4.1
vCloud Connector 2.7
vCloud Usage Meter 3.3
vCenter Site Recovery Manager prior to 5.5.1.5
vCenter Server 6.0, 5.5, 5.1 or 5.0
vRealize Operations Manager 6.0
vCenter Operations Manager 5.8.x or 5.7.x
vCenter Support Assistant 5.5.1.x
vRealize Application Services 6.2 or 6.1
vCloud Application Director 6.0
vRealize Automation 6.2 or 6.1
vCloud Automation Center 6.0.1
vSphere Replication prior to 5.8.0.2, 5.6.0.3 or 5.5.1.5
vRealize Automation 6.2.x or 6.1.x
vRealize Code Stream 1.1 or 1.0
vFabric Postgres 9.3.6.0, 9.2.10.0 or 9.1.15.0
vRealize Hyperic 5.8.x, 5.7.x or 5.0.x
vSphere AppHA Prior to 1.1.x
vSphere Big Data Extensions 2.1 and 2.0
vCenter Chargeback Manager 2.7 or 2.6
vRealize Business Adv/Ent 8.1 or 8.0
vRealize Business Standard prior to 1.1.x or 1.0.x
NSX for vSphere 6.1
NSX for Multi-Hypervisor prior to 4.2.4
vCloud Director prior to 5.5.3
vCloud Director Service Providers prior to 5.6.4.1
vCenter Application Discovery Manager 7.0
vRealize Configuration Manager 5.7.x or 5.6.x
vRealize Infrastructure 5.8 or 5.7
vRealize Orchestrator 6.0, 5.5 or 5.1.3.1
vRealize Log Insight 2.5, 2.0, 1.5 or 1.0
vSphere Management Assistant 5.5 or 5.1
vSphere Update Manager 6.0, 5.5, 5.1 or 5.0
EVO:RAIL prior to 1.2.1
3. Problem Description
a. Oracle JRE Update
Oracle JRE is updated in VMware products to address a
critical security issue that existed in earlier releases of
Oracle JRE.
VMware products running JRE 1.7 Update 75 or newer and
JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593,
as documented in the Oracle Java SE Critical Patch Update
Advisory of January 2015.
This advisory also includes the other security issues that
are addressed in JRE 1.7 Update 75 and JRE 1.6 Update 91. The
References section provides a link to the JRE advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-6593 to this issue. This
issue is also known as "SKIP" or "SKIP-TLS".
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch**
============= ======= ======= =================
Horizon View 6.x any 6.1
Horizon View 5.x any 5.3.4
Horizon Workspace Portal 2.1 ,2.0 any 2.1.1
Server
Horizon DaaS Platform 6.1 any 6.1.4
Horizon DaaS Platform 5.4 any 5.4.5
vCloud Networking and Security 5.5 any 5.5.4.1*
vCloud Connector 2.7 any 2.7.1*
vCloud Usage Meter 3.3 any 3.3.3*
vCenter Site Recovery Manager 5.5.x any 5.5.1.5***
vCenter Site Recovery Manager 5.1.x any patch pending***
vCenter Site Recovery Manager 5.0.x any patch pending***
vCenter Server 6.0 any 6.0.0a
vCenter Server 5.5 any Update 2e
vCenter Server 5.1 any Update 3a
vCenter Server 5.0 any Update 3d
vRealize Operations Manager 6.0 any KB2111898
vCenter Operations Manager 5.8.x any KB2111172
vCenter Operations Manager 5.7.x any KB2111172
vCenter Support Assistant 5.5.1.x any 6.0
vRealize Application Services 6.2 any KB2111981
vRealize Application Services 6.1 any KB2111981
vCloud Application Director 6.0 any KB2111981
vCloud Application Director 5.2 any KB2111981
vRealize Automation 6.2 any KB2111658
vRealize Automation 6.1 any KB2111658
vCloud Automation Center 6.0.1 any KB2111658
vRealize Code Stream 1.1 any KB2111658
vRealize Code Stream 1.0 any KB2111658
vPostgres 9.3.x any 9.3.6.0
vPostgres 9.2.x any 9.2.10.0
vPostgres 9.1.x any 9.1.15.0
vSphere Replication 5.8.0 any 5.8.0.2
vSphere Replication 5.6.0 any 5.6.0.3
vSphere Replication 5.5.0 any 5.5.1.5
vSphere Replication 5.1 any patch pending
vRealize Hyperic 5.8 any KB2111337
vRealize Hyperic 5.7 any KB2111337
vRealize Hyperic 5.0 any KB2111337
vSphere AppHA 1.1 any KB2111336
vSphere Big Data Extensions 2.1 any KB2116604*
vSphere Big Data Extensions 2.0 any KB2116604*
vSphere Data Protection 6.0 any patch pending*
vSphere Data Protection 5.8 any patch pending*
vSphere Data Protection 5.5 any patch pending*
vSphere Data Protection 5.1 any patch pending*
vCenter Chargeback Manager 2.7 any KB2112011*
vCenter Chargeback Manager 2.6 any KB2113178*
vRealize Business Adv/Ent 8.1 any KB2112258*
vRealize Business Adv/Ent 8.0 any KB2112258*
vRealize Business Standard 6.0 any KB2111802
vRealize Business Standard 1.1 any KB2111802
vRealize Business Standard 1.0 any KB2111802
NSX for vSphere 6.1 any 6.1.4*
NSX for Multi-Hypervisor 4.2 any 4.2.4*
vCloud Director 5.5.x any 5.5.3*
vCloud Director For 5.6.4 any 5.6.4.1*
Service Providers
vCenter Application Discovery 7.0 any 7.1*
Manager
vRealize Configuration Manager 5.7.x any KB2111670
vRealize Configuration Manager 5.6 any KB2111670
vRealize Infrastructure 5.8 any 5.8.4
Navigator
vRealize Infrastructure 5.7 any KB2111334*
Navigator
vRealize Orchestrator 6.0 any KB2112028*
vRealize Orchestrator 5.5 any KB2112028*
vRealize Orchestrator 5.1 any 5.1.3.1*
vRealize Log Insight 2.5 any KB2113235*
vRealize Log Insight 2.0 any KB2113235*
vRealize Log Insight 1.5 any KB2113235*
vRealize Log Insight 1.0 any KB2113235*
vSphere Management Assistant 5.5.x any 5.5.0.4
vSphere Management Assistant 5.1.x any 5.1.0.3
vSphere Update Manager 6.0 any 6.0.0a*
vSphere Update Manager 5.5 any Update 2e*
vSphere Update Manager 5.1 any Update 3a*
vSphere Update Manager 5.0 any Update 3d*
EVO:RAIL 1.2.0 any 1.2.1*
* The severity of critical is lowered to important for this product
as is not considered Internet facing
** Knowledge Base (KB) articles provides details of the patches and
how to install them.
*** vCenter Site Recovery Manager 5.0, 5.1, and 5.5 itself do not
include JRE but they include the vSphere Replication appliance
which has JRE. vCenter Site Recovery 5.8 and 6.0 do not include
JRE nor the vSphere Replication appliance.
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
Horizon View 6.1, 5.3.4:
========================
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productI
d=492
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&pro
ductId=396
VMware Workspace Portal 2.1.1
=============================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HZNWS211&productId=5
01&rPId=7586
Documentation:
https://www.vmware.com/support/horizon_workspace/doc/wp_release_notes_211.h
tml
Horizon DaaS Platform 6.1.4
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-610-BIN
&productId=405&rPId=6527
Horizon DaaS Platform 5.4.5
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-ONPREM-
540&productId=398&rPId=5214
vCloud Networking and Security 5.5.4.1
======================================
Download:
https://my.vmware.com/web/vmware/details?productId=360&rPId=7625&downloadGr
oup=VCNS5541
Documentation:
https://www.vmware.com/support/vshield/doc/releasenotes_vshield_5541.html
vCloud Connector 2.7.1
======================
Downloads and Documentation:
http://www.vmware.com/support/hybridcloud/doc/hybridcloud_271_rel_notes.htm
l
vCloud Usage Meter 3.3.3
========================
Downloads:
https://my.vmware.com/en/group/vmware/get-download?downloadGroup=UMSV333
vCenter Application Discovery Manager 7.1
=========================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VADM-710-VA&productI
d=300&rPId=8646
Documentation:
https://www.vmware.com/support/adm/doc/vcenter-application-discovery-manage
r-71-release-notes.html
vCenter Site Recovery Manager 5.5.1.5
======================================
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5515&productId=35
7&rPId=7774
Documentation:
https://www.vmware.com/support/srm/srm-releasenotes-5-5-1.html
vCenter Server 6.0, 5.5, 5.1, 5.0
=================================
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
vRealize Operations Manager 6.0.1
=================================
Downloads and Documentation: http://kb.vmware.com/kb/2111898
vCenter Support Assistant 6.0
=============================
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VCSA600&productId=49
1
vRealize Application Services 6.2, 6.1
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
NSX for vSphere 6.1.4
=====================
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=417&downloadGroup=NSX-V-
614
NSX for Multi-Hypervisor 4.2.4
==============================
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/networking_security/vmware_nsx/4
_x
vCloud Application Director 6.0
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
vCloud Director for Service Providers 5.6.4.1
=============================================
Downloads and Documentation:
https://www.vmware.com/support/pubs/vcd_sp_pubs.html
vCenter Operations Manager 5.8.5, 5.7.4
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111172
vCloud Automation Center 6.0.1.2
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vSphere Replication 5.8.0.2, 5.6.0.3, 5.5.1.5
=============================================
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5802
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5603
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5515
Documentation:
http://kb.vmware.com/kb/2112025
http://kb.vmware.com/kb/2112022
vRealize Automation 6.2.1, 6.1.1
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111658
vRealize Code Stream 1.1, 1.0
=============================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vFabric Postgres
================
Downloads
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_936&productId
=373&rPId=7787
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_92_10&product
Id=325&rPId=7788
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_91_15&product
Id=274&rPId=7789
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3
====================================
Downloads and Documentation: http://kb.vmware.com/kb/KB2111337
vSphere AppHA 1.1.1
===================
Downloads and Documentation: http://kb.vmware.com/kb/2111336
vSphere Big Data Extensions 2.1 and 2.0
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2116604
vCenter Chargeback Manager 2.7
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112011
vCenter Chargeback Manager 2.6
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2113178
vRealize Business Adv/Ent 8.1, 8.0
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112258
vRealize Business Standard 6.0, 1.1 , 1.0
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111802
vRealize Configuration Manager 5.7.3
===================================
Downloads and Documentation: http://kb.vmware.com/kb/2111670
vRealize Infrastructure Navigator 5.8.4
=======================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VIN_584&productId=47
6
vRealize Infrastructure Navigator 5.7
=====================================
Downloads and Documentation: http://kb.vmware.com/kb/2111334
vRealize Orchestrator 6.0, 5.5
=====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112028
vRealize Orchestrator 5.1.3.1
=============================
Download:
https://my.vmware.com/group/vmware/get-download?downloadGroup=VSP51-VCL-VCO
VA-51U3A
Documentation:
https://www.vmware.com/support/pubs/orchestrator_pubs.html
vSphere Management Assistant 5.5.0.4
====================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VMA550&productId=352
Documentation: http://kb.vmware.com/kb/2112648
vSphere Management Assistant 5.1.0.3
====================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VSP510-VMA-510&produ
ctId=285
Documentation: http://kb.vmware.com/kb/2112647
vSphere Update Manager 6.0, 5.5, 5.1, 5.0
=========================================
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
EVO:RAIL
========
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=442&downloadGroup=EVOR
AIL1_2_1
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
JRE
Oracle Java SE Critical Patch Update Advisory of January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- ------------------------------------------------------------------------
6. Change log
2015-04-02 VMSA-2015-0003
Initial security advisory in conjunction with the release of VMware
Horizon View 6.1, 5.3.4; vCenter Operations Manager 5.8.5;
vCenter Operations Manager 5.7.4; vCloud Automation Center
6.0.1.2; vSphere Replication 5.8.0.2, 5.6.0.3; vRealize
Automation 6.2.1, 6.1.1; vRealize Code Stream 1.1, 1.0;
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3; vSphere AppHA 1.1.1;
vRealize Business Standard 1.1.1, 1.0.1; vRealize Configuration
Manager prior to 5.7.3; vRealize Infrastructure 5.7, 5.8.4 Patches
released on 2015-04-02.
2015-04-09 VMSA-2015-0003.1
Updated Security advisory in conjunction with the release of VMware
Horizon DaaS Platform 6.1.4, 5.4.5; vRealize Operations Manager 6.0;
vRealize Application Services 6.2; vRealize Application Services 6.1;
vCloud Application Director 6.0; vCenter Chargeback Manager 2.7, 2.6;
vCloud Director For Service Providers 5.6.4.1;
vRealize Log Insight 2.5, 2.0, 1.5, 1.0 Patches
released on 2015-04-09.
2015-04-13 VMSA-2015-0003.2
Updated Security advisory in conjunction with the release of
vRealize Business Adv/Ent 8.1, 8.0 Patches released
on 2015-04-13.
2015-04-16 VMSA-2015-0003.3
Updated Security advisory in conjunction with the release of
vCloud Connector 2.7.1; vCloud Usage Meter 3.3.3;
vCenter Server 6.0, 5.5; vSphere Update Manager 6.0, 5.5 patches
released on 2015-04-16.
2015-04-17 VMSA-2015-0003.4
Updated Security advisory in conjunction with the release of
vCenter Site Recovery Manager 5.5.1.5 patches released on 2015-04-16.
2015-04-23 VMSA-2015-0003.5
Updated Security advisory in conjunction with the release of
NSX for Multi-Hypervisor 4.2.4 and vFabric Postgres 9.3.6.0,
9.2.10.0 or 9.1.15.0 patches released on 2015-04-23.
2015-04-30 VMSA-2015-0003.6
Updated Security advisory in conjunction with the release of
vCloud Networking and Security 5.5.4.1, vCenter Server 5.1 Update 3a,
vCenter Server 5.0 Update 3d, vRealize Orchestrator 5.1.3.1,
vSphere Update Manager 5.1 Update 3a and
vSphere Update Manager 5.0 Update 3d patches released on 2015-04-30.
2015-05-07 VMSA-2015-0003.7
Updated Security advisory in conjunction with the release of
vCenter Support Assistant 6.0, vSphere Big Data Extensions 2.1
and 2.0, NSX for vSphere 6.1.4 patches released on 2015-05-07.
2015-05-08 VMSA-2015-0003.8
Updated Security advisory in conjunction with the release of
vSphere Management Assistant 5.5 and 5.1 patches released
on 2015-05-08.
2015-07-02 VMSA-2015-0003.9
Updated Security advisory in conjunction with the release of
EVO:Rail 1.2.1 patches released on 2015-07-02.
2015-08-14 VMSA-2015-0003.10
Updated Security advisory in conjunction with the release of
vCenter Application Discovery Manager 7.1.0 patches released
on 2015-08-13.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 16127)
Charset: utf-8
wj8DBQFVzh9nDEcm8Vbi9kMRAvu9AJ9VS9NOKPw6L8VM+EPQ36SDCJ9n1gCgoIrc
abTD+Cc0IlDu0w+DbXESO0o=
=aywq
-----END PGP SIGNATURE-----
Monthly Archives: August 2015
Kaspersky Lab Statement on Reuters Article Posted August 14, 2015
CEEA-2015:1625 CentOS 7 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 8de6176d6adafc80d3a5cb79f4c8bed7c1ab2d4cbc90978012802389638b808d tzdata-2015f-1.el7.noarch.rpm 8b5411a39ca59a25e673490b47f1f0323e2cc46141db4b9e2fe12ee7d81f7f63 tzdata-java-2015f-1.el7.noarch.rpm Source: 33197c3bdbb73a331f0a17b166466cac0d782c3f5ec2164f9e2ef501d455acb8 tzdata-2015f-1.el7.src.rpm
Apple releases major security updates
Significant issues evident in Apple products have been patched with a raft of new updates.
The post Apple releases major security updates appeared first on We Live Security.
CEEA-2015:1625 CentOS 6 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1a50cebd39cd4e79cf6367d941ca73888d21366a92165ca3cbfcdb4cffdfbbb1 tzdata-2015f-1.el6.noarch.rpm 8009137185fa9ac461a83017e83b674ca3d33d44d6329849ebcb2a95417fcd80 tzdata-java-2015f-1.el6.noarch.rpm x86_64: 1a50cebd39cd4e79cf6367d941ca73888d21366a92165ca3cbfcdb4cffdfbbb1 tzdata-2015f-1.el6.noarch.rpm 8009137185fa9ac461a83017e83b674ca3d33d44d6329849ebcb2a95417fcd80 tzdata-java-2015f-1.el6.noarch.rpm Source: c733d290c468118a9a2ece6c777f255cb23f599227ac88fb39387302d1689c49 tzdata-2015f-1.el6.src.rpm
CEEA-2015:1625 CentOS 5 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 9b76bfc1556355c1ca764112b3b8ea255e9a5ea5767e808b5cf7a10eaec392b5 tzdata-2015f-1.el5.i386.rpm 0947ae55138f8dc9eb7232a1c47976769962534ec5bbce13ad63408c4a6fcddb tzdata-java-2015f-1.el5.i386.rpm x86_64: 952f2c11829135a5732100a69876033ed51628f8905bb5a7516ea72d2b1aeb57 tzdata-2015f-1.el5.x86_64.rpm b11ee90335c85906ce1ad42936388d8f594288993dd4af3ce058e410ed6f7cb6 tzdata-java-2015f-1.el5.x86_64.rpm Source: fec585f1eba0e2453f88499292bc677bfeb1e7260c2480ba3618741d8f9241d2 tzdata-2015f-1.el5.src.rpm
Are you still vulnerable to Stagefright? Get your Android device checked
Security Researcher Joshua Drake has published about a vulnerability in the heart of Android that could allow attackers to steal information from Android devices through remotely execute code via a crafted MMS. Potentially 95% of Android devices should be vulnerable. Have you checked yours?
The post Are you still vulnerable to Stagefright? Get your Android device checked appeared first on We Live Security.
Apple Patches Critical OS X DYLD Flaw in Monster Update
Apple released hordes of patches for OS X, iOS, Safari and iOS Server, including fixes for the DYLD vulnerability disclosed in July.
RHEA-2015:1625-1: tzdata enhancement update
Red Hat Enterprise Linux: Updated tzdata packages that add one enhancement are now available for Red Hat
Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.11, Red Hat Enterprise Linux 5.9 Advanced
Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat
Enterprise Linux 6.4 Extended Update Support, Red Hat Enterprise Linux 6.5
Extended Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support,
Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1, and Red Hat
Enterprise Linux 7.1 Little Endian.
Google, Chromium, HotWord, and our Avira browser
Google added a cool feature to chrome. It is voice search. They just forgot to ask the users before doing so.
The post Google, Chromium, HotWord, and our Avira browser appeared first on Avira Blog.