Patching in Review – Week 42 of 2019
Brian Secrist
Where Patch Tuesday was relatively light, this week was destined to be a heavy one with the scheduled Oracle release, but I don’t think anyone was prepared for 106 new unique CVEs in our patching content so far!
Security Releases
Adobe kicked off the party early on Tuesday with APSB19-49 detailing security updates for Adobe Acrobat and Reader for a total of 68 vulnerabilities. Many of the vulnerabilities listed are classified as “Critical” where successful exploitation could lead to the execution of arbitrary code, most likely through a maliciously crafted document. Interestingly enough, Acrobat and Reader 19 got an out of cycle update two days later, with very few details on the stability fixes, so make sure to get this second patch out.
Oracle came in next with the expected September Critical Patch Update covering a total of 270 vulnerabilities for its extensive product portfolio. Java JRE and JDK updated with a total of 20 CVEs and a rather moderate maximum CVSS score of 6.8. For those that have migrated from Java SE, OpenJDK also released with patches for the same vulnerabilities on, including distributions such as Amazon Corretto. Oracle’s CPU also included VirtualBox with a total of 11 CVEs remediated this quarter.
Third-Party Updates
Other vendors have been hard at work releasing non-security fixes for their products. Review the list below to make sure you’ve included valuable updates for your end users.
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Adobe Acrobat DC and Acrobat Reader DC 19.021.20048 |
ARDC19-010 |
QADC1902120048 |
|
AIMP 4.60.2153 |
AIMP-017 |
QAIMP4602153 |
|
Apache Tomcat 8.5.47 |
TOMCAT-145 |
QTOMCAT8547 |
|
Apache Tomcat 9.0.27 |
TOMCAT-146 |
QTOMCAT9027 |
|
CCleaner 5.63.7540 |
CCLEAN-085 |
QCCLEAN5637540 |
|
DropBox 83.4.152 |
DROPBOX-123 |
QDROPBOX834152 |
|
GOM Player 2.3.46.5308 |
GOM-031 |
QGOM23465308 |
|
GoToMeeting 10.1.1.15160 |
GOTOM-073 |
QGTM1011 |
|
LibreOffice 6.2.8.2 |
LIBRE-119 |
QLIBRE6282 |
|
Microsoft Power BI Desktop 2.74.5619.621 |
PBID-069 |
QBI2745619621 |
|
Node.JS 12.12.0 (Current) |
NOJSC-026 |
QNODEJSC12120 |
|
Opera 64.0.3417.61 |
OPERA-233 |
QOP640341761 |
|
Plex Media Server 1.18.0.1944 |
PLXS-048 |
QPLXS11801944 |
