Old Alerts

[AplusWebMaster]

FYI...

Yahoo Messenger vuln - update available
- https://secunia.com/advisories/47041/
Release Date: 2012-01-13
Criticality level: Moderately critical
Impact: System access
Where: From remote
... may allow execution of arbitrary code, but requires a victim to allow photo sharing with an attacker.
The vulnerability is confirmed in version 11.5.0.152. Other versions may also be affected.
Solution: Update to version 11.5.0.155.

- http://www.securitytracker.com/id/1026523
CVE Reference: CVE-2012-0268
Date: Jan 13 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 11.5.0.155...

- http://majorgeeks.com/Yahoo_Messenger_d4235.html
Yahoo! Messenger 11.5.0.155
Date: 2012-01-11
Size: 18.3 MB
License: Freeware

[AplusWebMaster]

FYI...

- http://www.gartner.com/it/page.jsp?id=1893523
January 11, 2012 - "... Hard-disk drive (HDD) shortages triggered by the October 2011 floods in Thailand had a limited impact on fourth-quarter PC shipments and prices. However, Gartner analysts said a major impact will be felt, and this is expected to materialize in the first half of 2012, and potentially continue throughout 2012. These shortages will temporarily lower PC shipment growth during 2012..."

[AplusWebMaster]

FYI...

IrfanView plugin JPEG-2000 v4.33 released
- https://secunia.com/advisories/47360/
Release Date: 2012-01-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.32. Other versions may also be affected.
Solution: Update the JPEG2000 plug-in to version 4.33.

- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.32:
JPEG-2000 Plugin (4.33) - fixed crash/overflow with special files
> http://www.irfanview.net/plugins/irf...n_jpeg2000.exe

[AplusWebMaster]

FYI...

Symantec pcAnywhere update
- https://secunia.com/advisories/47744/
Last Update: 2012-01-26
Criticality level: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3478 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3479 - 4.3
... exploitation of this vulnerability may allow execution of arbitrary code.
The security issue and the vulnerability are reported in the following products:
Symantec pcAnywhere version 12.5.x, Symantec Altiris IT Management Suite version 7.0, Symantec Altiris IT Management Suite version 7.1
Solution: Apply hotfix TECH179526.
Original Advisory: Symantec:
http://www.symantec.com/security_res...id=20120124_00
Jan 24, 2012 - SYM12-002 - Severity: High

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/sup...&id=TECH179526
Updated: 2012-01-25 - "... Symantec pcAnywhere 12.5.x users should upgrade to the latest supported version, 12.5.3, prior to applying the hotfix or reapply the hotfix once they upgrade to the 12.5.3 version."

[AplusWebMaster]

FYI...

pcAnywhere users – patch now!
- https://isc.sans.edu/diary.html?storyid=12463
Last Updated: 2012-01-25 22:24:12 UTC - "Symantec released a patch for pcAnywhere products that fixes couple of vulnerabilities, among which the most dangerous one allows remote code execution... for last couple of weeks there have been a lot of rumors about source code of several Symantec’s products that got stolen by yet unknown hackers. Besides a post that listed file names nothing else has been released in public yet, as far as we know... if you are a pcAnywhere user – PATCH NOW.
Update:
And a short update: according to DShield data it appears that someone started scanning around for services on port 5631 (pcAnywhere). While the number of sources is still relatively low (indicating a single scanner, or a small number of them), the number of targets is pretty high. See for yourself here*."
* https://isc.sans.edu/port.html?port=5631

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec.com/business/sup...&id=TECH179526
Updated: 2012-01-26
- http://clientui-kb.symantec.com/kb/i...&id=TECH179526
Updated: 2012-01-28 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2
Updated: 2012-01-30 - Technical Solution for pcAnywhere 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2 ...
Updated: 2012-02-02 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2

[AplusWebMaster]

FYI...

- https://www.mozilla.org/security/ann...sa2012-10.html
Feb 10, 2012 - "... Fixed in: ... Thunderbird 10.0.1..."
Impact: Critical...
___

Thunderbird v10.0 released
- https://www.mozilla.org/thunderbird/10.0/releasenotes/
Jan 31, 2012 What's New...

Download
- https://www.mozilla.org/thunderbird/all.html

Fixed in Thunderbird 10
- https://www.mozilla.org/security/kno...#thunderbird10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
___

Thunderbird v3.1.18 released
- https://www.mozilla.org/thunderbird/all-older.html

[AplusWebMaster]

FYI...

Backdoor in TRENDnet IP cameras
- http://h-online.com/-1428896
6 Feb 2012 - "... security vulnerability in some TRENDnet IP cameras which permits inquisitive web users to access them without authentication... Random sampling by The H's associates at heise Security found that most of the cameras were indeed freely accessible, providing views of offices, living rooms and children's bedrooms... TRENDnet has already responded by providing a firmware update*..."

* http://www.trendnet.com/langen/press/view.asp?id=1958
2/7/2012 - "TRENDnet has published updated firmware for all affected cameras... video from some TRENDnet IP SecurView cameras may be accessed online in real time... New firmware for all of the listed models is available at the following link: http://www.trendnet.com/downloads
TRENDnet is working to publish all outstanding firmware within the next 48 hours... Customers with any questions related to this issue such as how to update your camera’s firmware are invited to contact TRENDnet at the following email:
ipcam@trendnet.com ..."
> http://news.bbcimg.co.uk/media/image...339829_cam.jpg

[AplusWebMaster]

FYI...

Apple iOS 5.1 Software Update
- https://support.apple.com/kb/HT5192
March 07, 2012 - iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
- https://secunia.com/advisories/48288/
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
Solution: Apply iOS 5.1 Software Update.
- http://www.securitytracker.com/id/1026774
Date: Mar 8 2012
CVE Reference: CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646, CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network...

iTunes 10.6 update
- https://support.apple.com/kb/HT5191
March 07, 2012 - Windows 7, Vista, XP SP2 or later
- https://secunia.com/advisories/48274/
Impact: System access
Where: From remote
Solution: Update to version 10.6.
- http://www.securitytracker.com/id/1026781
Date: Mar 9 2012
CVE Reference: CVE-2012-0634, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648
Impact: Execution of arbitrary code via network, User access via network

- http://h-online.com/-1466786
8 March 2012

- https://www.us-cert.gov/current/#app...urity_updates2
March 9, 2012

[AplusWebMaster]

FYI...

Apple Safari Plug-in vuln ...
- https://secunia.com/advisories/45758/
Release Date: 2012-03-07
Criticality level: Moderately critical
Impact: System access
Where: From remote
Software: Apple Safari 5.x
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3845 - 7.6 (HIGH)
Last revised: 03/08/2012
... confirmed in version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected.
Solution: No effective workaround is currently available...

- http://www.securitytracker.com/id/1026775
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3844 - 4.3
Date: Mar 9 2012
Impact: Modification of system information
Version(s): 5.0.5 (7533.21.1); possibly other versions
Impact: A remote user can spoof the address bar URL.
Solution: The vendor has issued a partial fix (5.1.2 (7534.52.7))...

- https://www.apple.com/safari/download/
(Currently: Safari 5.1.2... for Windows XP, Vista or 7)

Use Apple Software Update ...

[AplusWebMaster]

FYI...

Safari v5.1.4 released
- http://lists.apple.com/archives/secu.../msg00003.html
Mar 12, 2012 - Safari 5.1.4 for Windows XP, Vista or 7 ...

- https://www.apple.com/safari/download/

- https://support.apple.com/kb/HT5190

- http://www.securitytracker.com/id/1026785
Date: Mar 12 2012
CVE Reference: CVE-2012-0584, CVE-2012-0640, CVE-2012-0647
Impact: Disclosure of authentication information, Modification of system information
Version(s): prior to 5.1.4...

- https://secunia.com/advisories/48377/
Release Date: 2012-03-13
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to version 5.1.4.
Original Advisory: http://support.apple.com/kb/HT5190
___

- https://www.computerworld.com/s/arti...monster_update
Mar 13, 2012 - "... Fixes 83 security flaws, most in WebKit engine; boosts JavaScript performance on OS X Lion... Of the 83 vulnerabilities, Apple tacitly classified 72 as critical..."

- http://h-online.com/-1470595
13 March 2012
>> http://www.h-online.com/security/new...ew=zoom;zoom=1