Thunderbird v.11.0 released
FYI...
- https://www.mozilla.org/en-US/thunde...0/releasenotes
v.11.0, released: March 13, 2012
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird11
Fixed in Thunderbird 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll
Bugs fixed
- https://www.mozilla.org/en-US/thunde...s/buglist.html
Download
- https://www.mozilla.org/thunderbird/all.html
Sumatra PDF reader v2.0.1 released
FYI...
- http://blog.kowalczyk.info/software/...df-viewer.html
April 8, 2012
System requirements
Supported OS: Windows 7, Vista, XP.
What's new
- http://blog.kowalczyk.info/software/...apdf/news.html
2.0.1 (2012-04-08)
Changes in this release:
fix loading .mobi files from command line
fix a crash loading multiple .mobi files at once
fix a crash showing tooltips for table of contents tree entries
2.0 (2012-04-02)
Changes in this release:
support for MOBI eBook format
support opening CHM documents from network drives
a selection can be copied to a clipboard as an image by using right-click context menu
using ucrt to reduce program size...
Apple - Java - Flashback - etc.
FYI...
Apple standalone Flashback malware removal tool
- http://h-online.com/-1526041
16 April 2012 - "Apple has announced* the release of a standalone version of the "Flashback malware removal tool"**. The 356KB tool is aimed at Mac OS X 10.7 Lion users without Java installed and, according to Apple, it "removes the most common variants of the Flashback malware". If the tool finds the Flashback malware, users will be presented with a dialogue notifying them that it was removed; depending on the variant removed, the tool may require users to restart their system... The Flashback malware removal tool*** is available from Apple's Support Downloads site."
* http://lists.apple.com/archives/secu.../msg00002.html
13 Apr 2012
** http://support.apple.com/kb/HT5246
*** http://support.apple.com/kb/DL1517
___
2012-003 Apple - Java for OS X Lion
- http://support.apple.com/kb/HT5242
April 12, 2012 - "... Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion. This update is recommended for all Mac users with Java installed..."
Java for Mac OS X 10.6 Update 8
- http://support.apple.com/kb/HT5243
April 12, 2012 - "... Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for Mac OS X v10.6..."
APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- http://lists.apple.com/archives/secu.../msg00001.html
12 Apr 2012
> https://isc.sans.edu/diary.html?storyid=12973
Last Updated: 2012-04-12 21:50:28 UTC
- http://h-online.com/-1520431
13 April 2012 - "... Java update -with- Flashback removal tool..."
___
Third Java update in 9 days...
- https://www.computerworld.com/s/arti..._hunter_killer
April 13, 2012
- https://www.computerworld.com/common...%20Decline.jpg
April 12, 2012
HP switch may contain malware...
FYI...
HP 5400zl switch may contain malware
- https://www.us-cert.gov/current/#hp_...00_zl_switches
April 12, 2012 - "... security bulletin to address a security vulnerability affecting HP 5400 zl series switches purchased after April 30, 2011. These switches contain a compact flash card that may be infected with malware. US-CERT encourages users and administrators to review HP Security Bulletin HPSBPV02754*, which includes a list of infected switches and serial numbers, and apply any necessary steps to help mitigate the risk."
* https://h20566.www2.hp.com/portal/si...4892.199480143
Potential Security Impact: Local compromise of system integrity
"... HP 5400 zl series switch purchased after April 30, 2011 with the noted serial numbers..."
References: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0133
IrfanView FlashPix PlugIn v4.34 released
FYI...
- https://secunia.com/advisories/48772/
Release Date: 2012-04-13
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2012-0278
Solution: Update to version 4.3.4.0...
- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.33:
FPX/FlashPix PlugIn (4.34):
- http://www.irfanview.net/plugins/irf...plugin_fpx.exe
... FPX-Library loading bug fixed
Oracle Critical Patch Update Advisory - April 2012
FYI...
- http://www.oracle.com/technetwork/to...12-366314.html
Apr 17, 2012
Text Form of Oracle Critical Patch Update - April 2012 Risk Matrices
- http://www.oracle.com/technetwork/to...se-366316.html
___
- https://www.us-cert.gov/current/#ora...patch_update18
April 18, 2012 - "Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This update contains the following security fixes:
• 6 for Oracle Database Server
• 11 for Oracle Fusion Middleware
• 6 for Oracle Enterprise Manager Grid Control
• 4 for Oracle E-Business Suite
• 5 for Oracle Supply Chain Product Suite
• 15 for Oracle PeopleSoft Products
• 2 for Oracle Industry Applications
• 17 for Oracle Financial Services Software
• 1 for Oracle Primavera Product Suite
• 15 for Oracle Sun Product Suite
• 6 for Oracle MySQL
US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks."
___
Oracle Critical Patch Update (CPU) Advisory - April 2012
Severity: High Severity
- http://atlas.arbor.net/briefs/
April 19, 2012 15:40
Oracle provides comprehensive information about the April 2012 Critical Patch Update.
Analysis: Oracle customers should check the CPU and apply the patches as soon as possible in order to protect against a variety of serious security holes. In some cases, work-arounds may be used but each situation will need to be analyzed to determine impact and effectiveness.
___
- http://h-online.com/-1541933
18 April 2012
___
Many listings - here: https://secunia.com/advisories/historic/
18th Apr, 2012
WordPress v3.3.2 released
FYI...
- https://wordpress.org/download/
April 20, 2012 - "The latest stable release of WordPress (Version 3.3.2) is available..."
- https://wordpress.org/news/2012/04/wordpress-3-3-2/
"WordPress 3.3.2 is available now and is a security update for -all- previous versions. Three external libraries included in WordPress received security updates:
> Plupload (version 1.5.4), which WordPress uses for uploading media.
> SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
> SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes...
... also addresses:
> Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances...
> Cross-site scripting vulnerability when making URLs clickable...
> Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs...
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2..."
Changelog:
- https://core.trac.wordpress.org/log/...stop_rev=20087
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2399 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2400 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2401 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2402 - 5.5
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2403 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2404 - 4.3
Last revised: 04/23/2012 - "... WordPress before 3.3.2..."
- http://h-online.com/-1545416
23 April 2012
- https://secunia.com/advisories/48957/
Release Date: 2012-04-23
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
... vulnerabilities are reported in versions prior to 3.3.2.
Solution: Update to version 3.3.2.