Kaspersky Lab North America announced today that CRN, a brand of The Channel Company, has named Kaspersky Lab to its inaugural 2016 Security 100 list.
Monthly Archives: March 2016
Kaspersky Lab North America Wins Stevie Award for Sales and Customer Service
Kaspersky Lab North America Wins Stevie Award for Sales and Customer Service
ISC Releases Security Updates for BIND
Original release date: March 09, 2016
The Internet Systems Consortium (ISC) has released updates that address three vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Available updates include:
- BIND 9 version 9.9.8-P4
- BIND 9 version 9.10.3-P4
- BIND 9 version 9.9.8-S6
US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01351, AA-01352, and AA-01353 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Original release date: March 09, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- Wireless Residential Gateway information-disclosure vulnerability
- Wireless Residential Gateway with EDVA denial-of-service vulnerability
- ASA Content Security and Control Security Services Module denial-of-service vulnerability
- Cable Modem with Digital Voice remote-code-execution vulnerability
For details on securing your home network, please see US-CERT Tip ST15-002.
This product is provided subject to this Notification and this Privacy & Use policy.
DSA-3513 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2015-6184
The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049.
CVE-2016-0886
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-2088
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.