Patching in Review – Week 32 of 2019
Brian Secrist
With Patch Tuesday on the horizon, make sure to sign up for our Patch Tuesday Webinar where we recap all of the upcoming surprises that our monthly patching holiday brings!
Security news was ablaze this week with the latest speculative execution vulnerability announced. CVE-2019-1125, also known as the “SWAPGS” vulnerability, allows an attacker to steal information by reading from privileged memory that could include passwords, credentials, keys, or other critical data. The most interesting thing about this vulnerability is that you’ve probably already remediated against it without noticing! Microsoft secretly included this vulnerability within the July Patch Tuesday patches. Lastly, this vulnerability type is notorious for impacting performance. Phoronix has begun performing preliminary benchmarks on an Ubuntu machine. Fortunately, Phoronix found that the impact is minimal, but measurable.
Security Releases
Google Chrome once again pushed another release this week, bringing a total of three security releases between Patch Tuesdays. Version 76.0.3809.100 is reported to include four security fixes with two CVEs. The “high” severity vulnerability, CVE-2019-5868, details a “use-after-free” vulnerability where specially crafted content could be used to execute code on the system. Given the numerous releases this month, I wouldn’t expect a surprise release for Patch Tuesday, but who knows?
Third-Party Updates
Other third-party vendors have been busy this week with numerous non-security releases. While these releases are not associated with a CVE, they can include valuable stability fixes as well as undisclosed security fixes:
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Allway Sync 19.1.5 |
ALLSYNC-008 |
QALLSYNC1915 |
|
Box Sync 4.0.7965.0 |
BOXSYNC-023 |
QBOXSYNC4079650 |
|
Camtasia 2019.0.5 |
CAMTA-020 |
QCAMTASIA1905 |
|
Firefox ESR 68.0.1 |
FFE19-6801 |
QFFE6801 |
|
GoodSync 10.10.2 |
GOODSYNC-125 |
QGS101022 |
|
GoodSync 10.10.3 |
GOODSYNC-126 |
QGS101033 |
|
Node.JS 10.16.2 (LTS Upper) |
NOJSLU-010 |
QNODEJSLU10162 |
|
Node.JS 12.8.0 (Current) |
NOJSC-019 |
QNODEJSC1280 |
|
Opera 62.0.3331.116 |
OPERA-223 |
QOP6203331116 |
|
Plex Media Player 2.39.0 |
PLXP-043 |
QPLXP2390 |
|
TortoiseSVN 1.12.2 |
TORT-034 |
QTORT1122 |
|
VNC Viewer 6.19.715 |
VNCV-001 |
QVNCV619715 |
