Yahoo Messenger v11.5.0.155 released
FYI...
Yahoo Messenger vuln - update available
- https://secunia.com/advisories/47041/
Release Date: 2012-01-13
Criticality level: Moderately critical
Impact: System access
Where: From remote
... may allow execution of arbitrary code, but requires a victim to allow photo sharing with an attacker.
The vulnerability is confirmed in version 11.5.0.152. Other versions may also be affected.
Solution: Update to version 11.5.0.155.
- http://www.securitytracker.com/id/1026523
CVE Reference: CVE-2012-0268
Date: Jan 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 11.5.0.155...
- http://majorgeeks.com/Yahoo_Messenger_d4235.html
Yahoo! Messenger 11.5.0.155
Date: 2012-01-11
Size: 18.3 MB
License: Freeware
Hard drive shortages continue...
FYI...
- http://www.gartner.com/it/page.jsp?id=1893523
January 11, 2012 - "... Hard-disk drive (HDD) shortages triggered by the October 2011 floods in Thailand had a limited impact on fourth-quarter PC shipments and prices. However, Gartner analysts said a major impact will be felt, and this is expected to materialize in the first half of 2012, and potentially continue throughout 2012. These shortages will temporarily lower PC shipment growth during 2012..."
IrfanView plugin JPEG-2000 v4.33 released
FYI...
- https://secunia.com/advisories/47360/
Release Date: 2012-01-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.32. Other versions may also be affected.
Solution: Update the JPEG2000 plug-in to version 4.33.
- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.32:
JPEG-2000 Plugin (4.33) - fixed crash/overflow with special files
> http://www.irfanview.net/plugins/irf...n_jpeg2000.exe
Symantec pcAnywhere updated
FYI...
Symantec pcAnywhere update
- https://secunia.com/advisories/47744/
Last Update: 2012-01-26
Criticality level: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3478 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3479 - 4.3
... exploitation of this vulnerability may allow execution of arbitrary code.
The security issue and the vulnerability are reported in the following products:
Symantec pcAnywhere version 12.5.x, Symantec Altiris IT Management Suite version 7.0, Symantec Altiris IT Management Suite version 7.1
Solution: Apply hotfix TECH179526.
Original Advisory: Symantec:
http://www.symantec.com/security_res...id=20120124_00
Jan 24, 2012 - SYM12-002 - Severity: High
pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/sup...&id=TECH179526
Updated: 2012-01-25 - "... Symantec pcAnywhere 12.5.x users should upgrade to the latest supported version, 12.5.3, prior to applying the hotfix or reapply the hotfix once they upgrade to the 12.5.3 version."
pcAnywhere users – patch now! ...
FYI...
pcAnywhere users – patch now!
- https://isc.sans.edu/diary.html?storyid=12463
Last Updated: 2012-01-25 22:24:12 UTC - "Symantec released a patch for pcAnywhere products that fixes a couple of vulnerabilities, among which the most dangerous one allows remote code execution... for the last couple of weeks there have been a lot of rumors about source code of several of Symantec’s products that got stolen by yet unknown hackers. Besides a post that listed file names nothing else has been released in public yet, as far as we know... if you are a pcAnywhere user – PATCH NOW.
Update:
And a short update: according to DShield data it appears that someone started scanning around for services on port 5631 (pcAnywhere). While the number of sources is still relatively low (indicating a single scanner, or a small number of them), the number of targets is pretty high. See for yourself here*."
* https://isc.sans.edu/port.html?port=5631
pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/sup...&id=TECH179526
Updated: 2012-01-26
- http://clientui-kb.symantec.com/kb/i...&id=TECH179526
Updated: 2012-01-28 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2
Updated: 2012-01-30 - Technical Solution for pcAnywhere 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2 ...
Updated: 2012-02-02 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2
Thunderbird v10.0.1 released ...
FYI...
- https://www.mozilla.org/security/ann...sa2012-10.html
Feb 10, 2012 - "... Fixed in: ... Thunderbird 10.0.1..."
Impact: Critical...
___
Thunderbird v10.0 released
- https://www.mozilla.org/thunderbird/10.0/releasenotes/
Jan 31, 2012 What's New...
Download
- https://www.mozilla.org/thunderbird/all.html
Fixed in Thunderbird 10
- https://www.mozilla.org/security/kno...#thunderbird10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
___
Thunderbird v3.1.18 released
- https://www.mozilla.org/thunderbird/all-older.html
Backdoor in TRENDnet IP cameras
FYI...
- http://h-online.com/-1428896
6 Feb 2012 - "... security vulnerability in some TRENDnet IP cameras which permits inquisitive web users to access them without authentication... Random sampling by The H's associates at heise Security found that most of the cameras were indeed freely accessible, providing views of offices, living rooms and children's bedrooms... TRENDnet has already responded by providing a firmware update*..."
* http://www.trendnet.com/langen/press/view.asp?id=1958
2/7/2012 - "TRENDnet has published updated firmware for all affected cameras... video from some TRENDnet IP SecurView cameras may be accessed online in real time... New firmware for all of the listed models is available at the following link: http://www.trendnet.com/downloads
TRENDnet is working to publish all outstanding firmware within the next 48 hours... Customers with any questions related to this issue such as how to update your camera’s firmware are invited to contact TRENDnet at the following email: ipcam@trendnet.com ..."
> http://news.bbcimg.co.uk/media/image...339829_cam.jpg
Apple Safari Plug-in vuln ...
FYI...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...
- http://www.securitytracker.com/id/1026775
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...
- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)
Use Apple Software Update ...