Hello and welcome to the Friday, January 5th, 2020,

for edition of the Sands and its Storm Center's Stormcast,

my name is Johannes Ulrich,

and today I'm recording from Jacksonville, Florida.

Today's episode is a little bit heavy on patches,

starting with patches for Wyrshark.

Wireshark released updates for all three currently

supported versions. These updates fix a number of security vulnerabilities. All of these security

vulnerabilities are classified as a denial of service. If your Wireshark instance is parsing a grafted packet, it may crash. Of course,

there's always a small chance that some of them could potentially be used for code execution,

but none of the advisories for these vulnerabilities indicate that. And Google released updates for Android as well as Chrome.

Nothing really sort of out of the ordinary here.

The Android patches fix about 50 different vulnerabilities.

The only critical vulnerabilities are in close source Qualcomm components components. And actually, the majority of the

vulnerabilities are in these Qualcomm closed-source components, also some open-source components

that are interacting with Qualcomm chips. And the Google Chrome update does not fix any serenadeys, so nothing really too much to worry about.

Just make sure that the auto update works.

So once they keep reminding yourself to restart Google Chrome or any other browser you're using.

Not quite as widely used as Chrome or Android, but nevertheless important and

frequently exploited in the past is Ivanti's EPM, their endpoint management software.

Yvanti released an update, update 5 for version 22, that fixes a single vulnerability,

CVE 2020339366.

...