Important Security Updates Available for Adobe, VMware and Wireshark Products

Earlier this week Adobe made available security updates for Adobe Photoshop CC (resolves 4 CVEs) and Adobe Bridge CC (3 CVEs resolved, shares the same CVE identifiers fixed in the Photoshop update). These updates are installed simply by checking for updates within the affected applications (please see the above linked Security Bulletins for more details).

VMware released security updates for VMware Fusion, VMware Horizon clients, VMware Player, and VMware Workstation last week resolving 7 CVEs. This week further updates for VMware Fusion, VMware Player and VMware Workstation were also made available. The second set of Fusion and Workstation updates each resolve 8 CVEs, the Player update does not mention CVEs but likely includes fixes too (since Player and Workstation mostly share the same code base). The Fusion and Workstation updates include updated versions of the OpenSSL library (updating to version 1.0.1m to resolve all 8 CVEs previously mentioned). Please follow the steps mentioned within the in-product update messages or download the updates using the appropriate links within the release notes linked to above. The updates for Fusion, Player and Workstation from this week also include the fixes that were issued last week.

In addition, yesterday Wireshark released updates (version 1.12.6) that include fixes for software bugs and security issues (2 CVEs resolved). For Linux distributions updates can be obtained using the operating systems standard package manager (if the latest version is not installed automatically you can instead compile the source code). For Mac OS X and Windows, the updates are available within the downloads section of the Wireshark website.

Update: 12th July 2015: VMware have released a further security advisory for VMware Player, Workstation and Horizon View Clients. Older versions of these applications were mainly affected while some newer versions already received the appropriate updates as previously detailed above. Please check this new advisory and apply any updates that you may not yet have installed.

If you have not encountered the term CVEs before, please see the first short aside within this blog post for an explanation.

If you use any of the above mentioned products, please install the appropriate updates when you can. If these products are installed on critical production systems or systems that contain your critical data, please back up your data before installing these updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s