VMware has re-issue VMSA-2015-0007.3 today after they found an earlier fix for CVE-2016-2342 was incomplete. Affected ESXi versions are: 5.0, 5.1 and 5.5. Advisory can be found here.

[1] https://www.vmware.com/security/advisories/VMSA-2015-0007.html

Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Enlarge (credit: Backblaze)

Adobe Systems has stopped distributing a recently issued update to its Creative Cloud graphics service amid reports a Mac version can delete important user data without warning or permission.

The deletions happen whenever Mac users log in to the Adobe service after the update has been installed, according to officials from Backblaze, a data backup service whose users are being disproportionately inconvenienced by the bug. Upon sign in, a script activated by Creative Cloud deletes the contents in the alphabetically first folder in a Mac's root directory. Backblaze users are being especially hit by the bug because the backup service relies on data stored in a hidden root folder called .bzvol. Because the folder is the alphabetically top-most hidden folder at the root of so many users' drives, they are affected more than users of many other software packages.

"This caused a lot of our customers to freak out," Backblaze Marketing Manager Yev Pusin wrote in an e-mail. "The reason we saw a huge uptick from our customers is because Backblaze's .bzvol is higher up the alphabet. We tested it again by creating a hidden file with an '.a' name, and the files inside were removed as well."

Read 5 remaining paragraphs | Comments

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities
CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)
[slackware-security] mozilla-firefox (SSA:2016-042-01)
[SECURITY] [DSA 3473-1] nginx security update
Re: [oss-security] HTTPS Only (Open Source, Python)
Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
Internet Storm Center Infocon Status