The full change log lists forty changes in Chrome 54.0.2840.71. None of them seem to be related to security, but at least one is a fix for a crashing issue. The release announcement doesn’t get into any specifics.
Daily Archives: October 21, 2016
Firefox 49.0.2
Version 49.0.2 of Firefox fixes at least one security vulnerability, along with a few other minor bugs. There’s also a performance improvement for sites that use Flash.
If you’re still running an earlier version, you can usually trigger an update by going to the About page: click the ‘hamburger’ icon at the top right, click the question mark icon, then click About Firefox.
Serious Linux kernel vulnerability patched
As amusing as it may sound, the recently-patched ‘Dirty Cow’ Linux kernel vulnerability (CVE-2016-5195) highlights a couple of important points:
- vulnerabilities – even known ones – can remain unpatched in critical software for years; and
- a misconfigured server that allows uploaded files to be executed is easily hacked.
At first glance, the Dirty Cow vulnerability may not seem particularly noteworthy. It doesn’t directly allow for arbitrary code execution. But it does allow an attacker who already has the ability to run arbitrary code on a target system to gain full access to that system via privilege escalation.
A Linux server that allows user uploads of any kind is normally configured so that uploaded files cannot be executed. However, it’s very easy to get this wrong, especially for web servers. Still, in most cases, being able to run an uploaded file remotely isn’t enough to provide the kind of access attackers want. Dirty Cow provides that access.
Anyone running a Linux server is strongly advised to install the available kernel updates for Dirty Cow immediately.
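One way to check the upload misconfiguration described above, as an added example that is not part of the original post: a shell audit that lists uploaded files with an execute bit, files whose extension a web server may hand to an interpreter, and whether the filesystem is mounted noexec. The directory argument and the extension list are assumptions to adjust for your server.

```shell
#!/usr/bin/env bash
# Audit a web upload directory for files that could be run as code.
# Assumed, not from the post: the directory argument and the extension list.

# Files with any execute bit set (owner, group or other).
exec_bit_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Files a web server may pass to an interpreter even without an execute bit.
script_ext_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.cgi' \
        -o -iname '*.pl' -o -iname '*.py' -o -iname '*.sh' \) | sort
}

# True if a comma-separated mount option string contains noexec.
has_noexec() {
    case ",$1," in *,noexec,*) return 0 ;; *) return 1 ;; esac
}

# Print findings for a directory; exit status 1 if anything needs attention.
audit_upload_dir() {
    aud_dir=$1; aud_status=0
    aud_x=$(exec_bit_files "$aud_dir"); aud_s=$(script_ext_files "$aud_dir")
    # findmnt (util-linux) reports the options of the filesystem holding the dir.
    aud_opts=$(findmnt -no OPTIONS -T "$aud_dir" 2>/dev/null || true)
    if [ -n "$aud_x" ]; then printf 'execute bit set:\n%s\n' "$aud_x"; aud_status=1; fi
    if [ -n "$aud_s" ]; then printf 'script extension:\n%s\n' "$aud_s"; aud_status=1; fi
    if ! has_noexec "$aud_opts"; then
        printf 'not mounted noexec (options: %s)\n' "${aud_opts:-unknown}"
        aud_status=1
    fi
    return "$aud_status"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_upload_dir "$1"; fi
```

A clean result here does not replace the kernel update; it only narrows the ways an uploaded file can be run in the first place.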