Multiple AV vendor vulns / updates / issues

[AplusWebMaster]

FYI...

Symantec AV multiple vulns - update available
- http://secunia.com/advisories/43099/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, System Center 10.x
CVE Reference(s): CVE-2010-0110, CVE-2010-0111
... Intel AMS2 component when processing certain messages can be exploited to run arbitrary commands | cause a buffer overflow | create arbitrary events | cause a DoS ...
Solution: Update to version 10.1 MR10.
Original Advisory:
- http://www.symantec.com/business/sec...id=20110126_00
- http://www.symantec.com/business/sec...id=20110126_01

- http://www.securitytracker.com/id/1024996
Jan 27 2011
- http://www.securitytracker.com/id/1024997
Jan 28 2011

[AplusWebMaster]

FYI...

Clam AV vuln - update v0.97 available
- http://secunia.com/advisories/43392/
Release Date: 2011-02-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... The vulnerability is reported in versions prior to 0.97.
Solution: Update to version 0.97...
- http://www.clamav.net/lang/en/download/sources/
"... Latest stable release: ClamAV 0.97... Please read the upgrade instructions before upgrading..."
* http://wiki.clamav.net/Main/UpgradeInstructions"

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1003
Last revised: 02/24/2011

- http://www.securitytracker.com/id/1025100
Feb 21 2011

[AplusWebMaster]

FYI...

CA ActiveX vuln - update available
* http://secunia.com/advisories/43377/
Release Date: 2011-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: ZDI / CA (CA20110223-01):
http://www.zerodayinitiative.com/advisories/ZDI-11-093/

CA ActiveX vuln - update available
- http://secunia.com/advisories/43490/
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
Solution: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon.
For more information: SA43377*

- http://www.securitytracker.com/id/1025120
Updated: Feb 26 2011
___

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1036
Last revised: 03/11/2011
CVSS v2 Base Score: 8.8 (HIGH)

[AplusWebMaster]

FYI...

F-Secure multiple vulns - update available
- http://secunia.com/advisories/43049/
Release Date: 2011-02-24
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote...
Software: F-Secure Policy Manager 8.x, F-Secure Policy Manager 9.x
... The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x.
Solution: Apply patches.
Original Advisory: F-Secure (FSC-2011-2):
http://www.f-secure.com/en_EMEA/supp...sc-2011-2.html

- http://www.securitytracker.com/id/1025124
Feb 24 2011
___

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1102
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1103
Last revised: 03/11/2011
"... before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux..."

[AplusWebMaster]

FYI...

McAfee Firewall Reporter vuln - fix
- https://kc.mcafee.com/corporate/inde...ent&id=SB10015
Security Bulletins ID: SB10015
Last Modified: April 11, 2011
This update fixes a bug that leverages an issue in the authentication sequence to allow unauthorized users access to the system...
> Remediation..."
(See the URL above.)

- http://www.securitytracker.com/id/1025314
Apr 11 2011
Version: prior to 5.1.0.13...

- http://secunia.com/advisories/44110/
Criticality level: Moderately critical
___

- http://www.theregister.co.uk/2011/04...lter_screw_up/
6 April 2011 - "McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email. The glitch... bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (eg, @£$). In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved..."

[AplusWebMaster]

FYI...

Avast! false positive - virus defs 110411-1 ...
- https://blog.avast.com/2011/04/11/fa...defs-110411-1/
April 11 2011 - "Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected... We sincerely apologize for the inconvenience..."

- http://news.cnet.com/8301-1009_3-20053085-83.html
April 12, 2011 - "... the update was downloaded by around 5 million users, mostly on the Western Hemisphere..."

"Some of the sites affected by this Avast false positive include Wikipedia, Yahoo, PCWorld, and Youtube..."
(Hat tip to cnm @ spywareinfoforum.com)*
* http://www.spywareinfoforum.com/inde...ost__p__744891