
Thread: Old Alerts

  1. #341
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thunderbird v.11.0 released

    FYI...

    Thunderbird v.11.0 released
    - https://www.mozilla.org/en-US/thunde...0/releasenotes
    v.11.0, released: March 13, 2012

    Security Advisories
    - https://www.mozilla.org/security/kno...#thunderbird11
    Fixed in Thunderbird 11
    MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
    MFSA 2012-18 window.fullScreen writeable by untrusted content
    MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
    MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
    MFSA 2012-15 XSS with multiple Content Security Policy headers
    MFSA 2012-14 SVG issues found with Address Sanitizer
    MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
    MFSA 2012-12 Use-after-free in shlwapi.dll

    Bugs fixed
    - https://www.mozilla.org/en-US/thunde...s/buglist.html

    Download
    - https://www.mozilla.org/thunderbird/all.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #342
    Adviser Team AplusWebMaster's Avatar

    IrfanView v4.33 released

    FYI...

    IrfanView v4.33 released
    - https://secunia.com/advisories/47333/
    Release Date: 2012-03-29
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    ... vulnerabilities are reported in versions prior to 4.33.
    Solution: Update to version 4.33.

    - http://www.irfanview.com/main_history.htm
    Version 4.33 CURRENT VERSION - Release date: 2012-03-28

    Download: http://www.irfanview.com/main_download_engl.htm

    - http://www.irfanview.com/plugins.htm


  3. #343
    Adviser Team AplusWebMaster's Avatar

    Apple - Java update ...

    FYI...

    Apple - Java update for OS X Lion 2012-001 and Java for Mac OS X 10.6
    - https://support.apple.com/kb/HT5228
    April 03, 2012
    This document describes the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, which can be downloaded and installed via Software Update* preferences, or from Apple Downloads.
    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3
    Impact: Multiple vulnerabilities in Java 1.6.0_29
    Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31...

    * https://support.apple.com/kb/HT1338

    APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
    - http://lists.apple.com/archives/secu.../msg00000.html
    3 Apr 2012

    - https://www.us-cert.gov/current/#app...e_for_java_for
    April 4, 2012

    - https://secunia.com/advisories/48648/
    Release Date: 2012-04-04
    Criticality level: Highly critical
    Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
    Where: From remote...
    Solution: Apply updates.
    Original Advisory: http://support.apple.com/kb/HT5228
    ___

    Urgent Fix for Zero-Day Mac Java Flaw
    - http://atlas.arbor.net/briefs/index#-674870906
    Severity: Extreme Severity
    Published: Thursday, April 05, 2012 23:09
    Apple has released a critical Java patch that should be deployed ASAP to help counter the Flashback malware. Apple users should be aware that they are -not- invulnerable, even though OSX attacks and malware are much much less than for Windows systems.
    Analysis: Flashback has started compromising OSX systems using an out-of-date version of Java. The trojan has been seen with two basic payloads, one to modify Safari settings and the other that is a password stealer. The Flashback botnet has been monitored by security company Dr. Web and their data shows approximately 600,000 OSX systems have been infected. More infections are on their way, given the lax attention to security that many OSX users have. It is likely that this Java security flaw has also been used in targeted attacks that won't get much, if any press.
    Source: https://krebsonsecurity.com/2012/04/...mac-java-flaw/

    - http://h-online.com/-1500931
    4 April 2012

    Last edited by AplusWebMaster; 2012-04-07 at 13:43.

  4. #344
    Adviser Team AplusWebMaster's Avatar

    Sumatra PDF reader v2.0.1 released

    FYI...

    Sumatra PDF reader v2.0.1 released
    - http://blog.kowalczyk.info/software/...df-viewer.html
    April 8, 2012

    System requirements
    Supported OS: Windows 7, Vista, XP.

    What's new
    - http://blog.kowalczyk.info/software/...apdf/news.html
    2.0.1 (2012-04-08)
    Changes in this release:
    fix loading .mobi files from command line
    fix a crash loading multiple .mobi files at once
    fix a crash showing tooltips for table of contents tree entries
    2.0 (2012-04-02)
    Changes in this release:
    support for MOBI eBook format
    support opening CHM documents from network drives
    a selection can be copied to a clipboard as an image by using right-click context menu
    using ucrt to reduce program size...


  5. #345
    Adviser Team AplusWebMaster's Avatar

    Samba vuln/update

    FYI...

    Samba vuln - v3.6.4 security update
    - https://www.samba.org/samba/security/CVE-2012-1182
    10 Apr 2012 - "Patches addressing this issue have been posted to: http://www.samba.org/samba/security/
    Additionally, Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been issued as security releases to correct the defect. Patches against older Samba versions are available at: http://samba.org/samba/patches/
    Samba administrators running affected versions are advised to upgrade to 3.6.4, 3.5.14, or 3.4.16 or apply these patches as soon as possible.
    Due to the seriousness of this vulnerability, patches have been released for all Samba versions currently out of support and maintenance from 3.0.37 onwards..."

    - http://www.securitytracker.com/id/1026913
    Date: Apr 10 2012
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1182 - 10.0 (HIGH)
    Impact: Execution of arbitrary code via network, Root access via network
    Version(s): 3.0.x to 3.6.3
    Description: A vulnerability was reported in Samba. A remote user can execute arbitrary code on the target system...
    Impact: A remote user can execute arbitrary code with root privileges on the target system.
    Solution: The vendor has issued a fix (3.6.4)...
    - https://www.samba.org/samba/history/samba-3.6.4.html

    - https://www.us-cert.gov/current/#sam..._updates_for_3
    April 11, 2012

    - https://en.wikipedia.org/wiki/Samba_%28software%29
    "... As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain. Samba runs on most Unix and Unix-like systems, such as GNU/Linux, Solaris, AIX and the BSD variants, including Apple's Mac OS X Server (which was added to the Mac OS X client in version 10.2)..."

    Last edited by AplusWebMaster; 2012-04-20 at 03:19.

  6. #346
    Adviser Team AplusWebMaster's Avatar

    Apple - Java - Flashback - etc.

    FYI...

    Apple standalone Flashback malware removal tool
    - http://h-online.com/-1526041
    16 April 2012 - "Apple has announced* the release of a standalone version of the "Flashback malware removal tool"**. The 356KB tool is aimed at Mac OS X 10.7 Lion users without Java installed and, according to Apple, it "removes the most common variants of the Flashback malware". If the tool finds the Flashback malware, users will be presented with a dialogue notifying them that it was removed; depending on the variant removed, the tool may require users to restart their system... The Flashback malware removal tool*** is available from Apple's Support Downloads site."

    * http://lists.apple.com/archives/secu.../msg00002.html
    13 Apr 2012

    ** http://support.apple.com/kb/HT5246

    *** http://support.apple.com/kb/DL1517
    ___

    2012-003 Apple - Java for OS X Lion
    - http://support.apple.com/kb/HT5242
    April 12, 2012 - "... Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion. This update is recommended for all Mac users with Java installed..."

    Java for Mac OS X 10.6 Update 8
    - http://support.apple.com/kb/HT5243
    April 12, 2012 - "... Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for Mac OS X v10.6..."

    APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
    - http://lists.apple.com/archives/secu.../msg00001.html
    12 Apr 2012

    > https://isc.sans.edu/diary.html?storyid=12973
    Last Updated: 2012-04-12 21:50:28 UTC

    - http://h-online.com/-1520431
    13 April 2012 - "... Java update -with- Flashback removal tool..."
    ___

    Third Java update in 9 days...
    - https://www.computerworld.com/s/arti..._hunter_killer
    April 13, 2012

    - https://www.computerworld.com/common...%20Decline.jpg
    April 12, 2012

    Last edited by AplusWebMaster; 2012-04-18 at 14:32.

  7. #347
    Adviser Team AplusWebMaster's Avatar

    HP switch may contain malware...

    FYI...

    HP 5400zl switch may contain malware
    - https://www.us-cert.gov/current/#hp_...00_zl_switches
    April 12, 2012 - "... security bulletin to address a security vulnerability affecting HP 5400 zl series switches purchased after April 30, 2011. These switches contain a compact flash card that may be infected with malware. US-CERT encourages users and administrators to review HP Security Bulletin HPSBPV02754*, which includes a list of infected switches and serial numbers, and apply any necessary steps to help mitigate the risk."
    * https://h20566.www2.hp.com/portal/si...4892.199480143
    Potential Security Impact: Local compromise of system integrity
    "... HP 5400 zl series switch purchased after April 30, 2011 with the noted serial numbers..."
    References: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0133


  8. #348
    Adviser Team AplusWebMaster's Avatar

    IrfanView FlashPix PlugIn v4.34 released

    FYI...

    IrfanView FlashPix PlugIn v4.34 released
    - https://secunia.com/advisories/48772/
    Release Date: 2012-04-13
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    CVE Reference: CVE-2012-0278
    Solution: Update to version 4.3.4.0...

    - http://www.irfanview.com/plugins.htm
    ... PlugIns updated after the version 4.33:
    FPX/FlashPix PlugIn (4.34):
    - http://www.irfanview.net/plugins/irf...plugin_fpx.exe
    ... FPX-Library loading bug fixed


  9. #349
    Adviser Team AplusWebMaster's Avatar

    Oracle Critical Patch Update Advisory - April 2012

    FYI...

    Oracle Critical Patch Update Advisory - April 2012
    - http://www.oracle.com/technetwork/to...12-366314.html
    Apr 17, 2012

    Text Form of Oracle Critical Patch Update - April 2012 Risk Matrices
    - http://www.oracle.com/technetwork/to...se-366316.html
    ___

    - https://www.us-cert.gov/current/#ora...patch_update18
    April 18, 2012 - "Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This update contains the following security fixes:
    • 6 for Oracle Database Server
    • 11 for Oracle Fusion Middleware
    • 6 for Oracle Enterprise Manager Grid Control
    • 4 for Oracle E-Business Suite
    • 5 for Oracle Supply Chain Product Suite
    • 15 for Oracle PeopleSoft Products
    • 2 for Oracle Industry Applications
    • 17 for Oracle Financial Services Software
    • 1 for Oracle Primavera Product Suite
    • 15 for Oracle Sun Product Suite
    • 6 for Oracle MySQL
    US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks."
    ___

    Oracle Critical Patch Update (CPU) Advisory - April 2012
    Severity: High Severity
    - http://atlas.arbor.net/briefs/
    April 19, 2012 15:40
    Oracle provides comprehensive information about the April 2012 Critical Patch Update.
    Analysis: Oracle customers should check the CPU and apply the patches as soon as possible in order to protect against a variety of serious security holes. In some cases, work-arounds may be used but each situation will need to be analyzed to determine impact and effectiveness.
    ___

    - http://h-online.com/-1541933
    18 April 2012
    ___

    Many listings - here: https://secunia.com/advisories/historic/
    18th Apr, 2012

    Last edited by AplusWebMaster; 2012-04-20 at 18:34.

  10. #350
    Adviser Team AplusWebMaster's Avatar

    WordPress v3.3.2 released

    FYI...

    WordPress v3.3.2 released
    - https://wordpress.org/download/
    April 20, 2012 - "The latest stable release of WordPress (Version 3.3.2) is available..."

    - https://wordpress.org/news/2012/04/wordpress-3-3-2/
    "WordPress 3.3.2 is available now and is a security update for -all- previous versions. Three external libraries included in WordPress received security updates:
    > Plupload (version 1.5.4), which WordPress uses for uploading media.
    > SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
    > SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes...
    ... also addresses:
    > Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances...
    > Cross-site scripting vulnerability when making URLs clickable...
    > Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs...
    These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2..."

    Changelog:
    - https://core.trac.wordpress.org/log/...stop_rev=20087
    ___

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2399 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2400 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2401 - 5.0
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2402 - 5.5
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2403 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2404 - 4.3
    Last revised: 04/23/2012 - "... WordPress before 3.3.2..."

    - http://h-online.com/-1545416
    23 April 2012

    - https://secunia.com/advisories/48957/
    Release Date: 2012-04-23
    Criticality level: Moderately critical
    Impact: Security Bypass, Cross Site Scripting
    Where: From remote
    ... vulnerabilities are reported in versions prior to 3.3.2.
    Solution: Update to version 3.3.2.

    Last edited by AplusWebMaster; 2012-04-25 at 11:57.
