Old Alerts

Google Chrome v8.0.552.215 released

FYI...

Google Chrome v8.0.552.215 released
- http://secunia.com/advisories/42472/
Release Date: 2010-12-03
Impact: Unknown, Exposure of sensitive information, DoS, System access
Where: From remote
Solution: Fixed in version 8.0.552.215.

- http://googlechromereleases.blogspot.com/search/label/Stable updates
December 2, 2010 - "... over 800 bug fixes and stability improvements..."

- http://www.securitytracker.com/id?1024821
Dec 3 2010

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=228400159
Nov. 29, 2010

- http://weblogs.mozillazine.org/asa/archives/2010/11/why_do_they_think_th.html
November 28, 2010

:fear:
 
Winamp v5.601 released

FYI...

Winamp v5.601 released
- http://secunia.com/advisories/42475/
Release Date: 2010-12-07
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 5.601.
Solution: Update to version 5.601.
Original Advisory: http://forums.winamp.com/showthread.php?s=&threadid=159785

- http://www.winamp.com/help/Version_History#Winamp_5.601_.28Latest.29
___

- http://secunia.com/advisories/44600/
Release Date: 2011-05-16
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
"... vulnerability is confirmed in version 5.61. Other versions may also be affected..."

- http://www.winamp.com/help/Version_History#Winamp_5.61

:fear:
 
QuickTime v7.6.9 released

FYI...

QuickTime v7.6.9 released
- http://support.apple.com/kb/DL837
Version: 7.6.9
Post Date: December 07, 2010
Download ID: DL837
File Size: 32.86 MB
Windows XP (SP2 or later), Windows Vista, Windows 7

- http://support.apple.com/kb/HT4447
CVEs: CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795, CVE-2010-3800, CVE-2010-3801, CVE-2010-3802, CVE-2010-1508, CVE-2010-0530, CVE-2010-4009

- http://apple.com/quicktime/download
... or update via Apple Software Update.

- http://www.securitytracker.com/id?1024829
Dec 7 2010
- http://www.securitytracker.com/id?1024830
Dec 7 2010

- http://secunia.com/advisories/39259/
Last Update: 2010-12-08
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access, Manipulation of data
Where: From remote...
Solution: Update to version 7.6.9.

:fear:
 
WordPress v3.0.3 released

FYI...

WordPress v3.0.3 released
- http://wordpress.org/download/
December 8, 2010 - "The latest stable release of WordPress (Version 3.0.3) is available..."

- http://wordpress.org/news/2010/12/wordpress-3-0-3/
"...security update for all previous WordPress versions. This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts. These issues only affect sites that have remote publishing enabled. Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen..."

- http://www.securitytracker.com/id?1024842
Dec 9 2010

:fear:
 
Thunderbird v3.1.7 released

FYI...

Thunderbird v3.1.7 released
- http://www.mozillamessaging.com/thunderbird/
released December 9, 2010

- http://www.mozillamessaging.com/thunderbird/3.1.7/releasenotes/

- http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.7
Fixed in Thunderbird 3.1.7
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.mozilla.org/buglis...13-fixed;type0-0-0=equals;value0-0-0=.7-fixed
85 bugs fixed...

- http://secunia.com/advisories/42519/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.1.7 or 3.0.11.
Original Advisory:
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html

- http://www.securitytracker.com/id?1024846
Dec 10 2010
 
IrfanView v4.28 released

FYI...

IrfanView v4.28 released
LuraDocument Format PlugIn Memory Corruption Vulnerability
- http://secunia.com/advisories/41439/
Release Date: 2010-12-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: No updated version of the plugin will be made available. The vendor has removed the plugin in version 4.28 of the plugins distribution.
Original Advisory:
http://irfanview.com/main_history.htm
Version 4.28 ( - CURRENT VERSION - ) (Release date: 2010-12-16)

:fear:
 
Kerio Firewall vuln - patch available

FYI...

Kerio Firewall vuln - patch available
- http://www.securitytracker.com/id?1024913
Dec 20 2010
Solution: The vendor has issued a fix (7.1.0 Patch 1).
The vendor's advisory is available* ...
* http://www.kerio.com/support/security-advisories#1012
Date: December 20, 2010
Severity: High
Name: HTTP cache poisoning vulnerability
Affected products: Kerio WinRoute Firewall all versions, Kerio Control up to version 7.1.0
Fix availability: The following product versions are not vulnerable: Kerio Control version 7.1.0 Patch 1 and higher.
Description: By sending specially crafted HTTP data over a non-HTTP TCP connection, a malicious web site could trick the HTTP cache into storing arbitrary data. That data would then be served to clients instead of the legitimate content.
Mitigation factors: HTTP cache is disabled by default. It must be enabled in order for this attack to succeed.
Workaround: Disable HTTP cache...
> http://www.kerio.com/node/588
Release history

:fear:
 
Mozilla - password Security Breach

FYI...

Mozilla - password Security Breach
"... partial database of addons.mozilla.org user accounts..."
- http://isc.sans.edu/diary.html?storyid=10162
Last Updated: 2010-12-28 17:14:52 UTC - "Mozilla has published a blog* and sent out an e-mail notifying users.. User IDs and password hashes for users were available for public access briefly. Users who have not been active before April 2009, however, had their password hashes stored in MD5 hashes which could be retrieved via password cracking. This method of storing passwords has been retired by Mozilla which is why users who logged in after April 2009 are safe. The problem would come in for those users who use the same password across multiple sites (particularly the same password to access the e-mail account they registered with).
As a quick tip, we all have dozens (at least) of "low-impact" sites we have passwords for: new sites, blogs, etc. The impact of those accounts being compromised is trivial, at best. However, if the same password is used (and that password is mapped to an e-mail address or username) it can be used to access other, more sensitive accounts. You could have a different password for each site, which quickly becomes impractical. Sites using centralized logins are few and far between (say Open ID). A solution I've tried to use is to have an insecure password but salt it with some designation for the site I'm accessing. Say the insecure password is qwerty. I can add two characters designating what I'm accessing for each site. So qwertyFF (FF for Firefox) for addons.mozilla.org. This allows for different passwords at each site, but in a way that is easy to remember multiple passwords. Obviously, you -won't- want to use "qwerty" as the base for those passwords, but you get the idea."
* http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
"... partial database of addons.mozilla.org user accounts..."

:fear::sad:
 
Malicious malware domains with ".in" on the rise...

FYI...

Malware Domains 2234.in, 0000002.in & co
- http://isc.sans.edu/diary.html?storyid=10165
Last Updated: 2010-12-29 00:04:58 UTC - "... recent increase of malicious sites with ".in" domain names. The current set of names follow the four-digit and seven-digit pattern. Passive DNS Replication like RUS-CERT/BFK shows that a big chunk of these domains currently seems to point to 91.204.48.52 (AS24965) and 195.80.151.83 (AS50877). The former Netblock is in the Ukraine (where else), the latter likely in Moldavia. Both show up prominently on Google's filter (AS24965, AS50877), Zeustracker, Spamhaus (AS24965, AS50877) and many other sites that maintain filter lists of malicious hosts. A URL block system that can do regular expressions comes in pretty handy for these - \d{4}\.in and \d{7}\.in takes care of the whole lot, likely with minimal side effects, since (benign) all-numerical domain names under ".in" are quite rare. If you're into blocking entire network ranges, zapping 91.204.48.0/22 and 195.80.148.0/22 should nicely take care of this current as well as future badness..."
[ 91.204.48.* / 195.80.148.* ]

- http://cidr-report.org/cgi-bin/as-report?as=AS24965

- http://cidr-report.org/cgi-bin/as-report?as=AS50877

:fear::fear:
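A defender-side check built from the block patterns the diary above suggests, written here as an added example (it is not code from the ISC diary or from this thread): it applies the \d{4}\.in / \d{7}\.in domain regex and the two /22 netblocks to constructed proxy-log lines, and shows that five-digit and non-numeric ".in" names are left alone.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Patterns from the ISC diary: all-numeric four- and seven-digit labels under ".in".
NUMERIC_IN_DOMAIN = re.compile(r"^(?:\d{4}|\d{7})\.in\.?$")

# Netblocks the diary names as hosting this cluster (AS24965 / AS50877).
BLOCKED_NETS = [ipaddress.ip_network("91.204.48.0/22"),
                ipaddress.ip_network("195.80.148.0/22")]


def host_matches(host: str) -> bool:
    """True if the host name fits the four- or seven-digit ".in" pattern."""
    return bool(NUMERIC_IN_DOMAIN.match(host.lower()))


def ip_in_blocked_range(ip: str) -> bool:
    """True if the destination address falls inside either /22."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in BLOCKED_NETS)


def scan_proxy_log(lines):
    """Return (reason, client, indicator) for each record in a simplified
    'client dest_ip url' log format (assumed here) that trips either rule."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, dest_ip, url = parts[0], parts[1], parts[2]
        host = urlsplit(url).hostname or ""
        if host_matches(host):
            hits.append(("numeric-in-domain", client, host))
        elif ip_in_blocked_range(dest_ip):
            hits.append(("blocked-netblock", client, dest_ip))
    return hits


# Constructed sample log lines (not from the diary); format: client dest_ip url.
# 12345.in is five digits and must not match; 195.80.149.9 is a made-up address
# inside the second /22 to show the netblock rule firing on its own.
SAMPLE_LOG = """\
10.0.0.5 91.204.48.52 http://2234.in/index.php
10.0.0.7 195.80.151.83 http://0000002.in/download
10.0.0.9 93.184.216.34 http://example.com/
10.0.0.11 195.80.149.9 http://cdn.somehost.example/script.js
10.0.0.12 203.0.113.4 http://12345.in/
""".splitlines()
```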
 
WordPress v3.0.4 released

FYI...

WordPress v3.0.4 released
- http://wordpress.org/download/
December 29, 2010

- http://wordpress.org/news/2010/12/3-0-4-update/
"Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download... it fixes a core security bug in our HTML sanitation library... rate this release as “critical”..."

- http://core.trac.wordpress.org/changeset/17172/branches/3.0

- http://www.securitytracker.com/id?1024928
Dec 29 2010

:fear:
 
Google Chrome v8.0.552.237 released

FYI...

Google Chrome v8.0.552.237 released
- http://secunia.com/advisories/42850/
Release Date: 2011-01-13
Criticality level: Highly critical
Impact: Unknown, Manipulation of data, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 8.0.552.237.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0471
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0472
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0473
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0474
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0475
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0476
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0477
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0478
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0479
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0480
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0481
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0483
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0484
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0485
All CVSS v2 Base Score: 9.3-10.0 (HIGH) ... before 8.0.552.237

- http://www.securitytracker.com/id?1024957
Jan 13 2011
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (8.0.552.237).

- http://www.kb.cert.org/vuls/id/258423
2011-01-13

:fear:
 
Winamp forums compromised

FYI...

Winamp forums compromised
- http://isc.sans.edu/diary.html?storyid=10429
Last Updated: 2011-02-21 19:38:56 UTC - "... email addresses used for the forums have been compromised. Users are recommended to change their passwords as a precautionary measure, and advised that the level of spam they receive may go up. Forum users may have also received an email from Winamp advising them of the compromise. The advisory is here:
- http://forums.winamp.com/showthread.php?t=327374 ..."

:fear:
 
FoxIt Reader v4.3.1.0218 released

FYI...

FoxIt Reader v4.3.1.0218 released
- http://www.foxitsoftware.com/downloads/index.php
02/24/11
- http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory
• Fixed an unexpected termination of the Foxit Reader software that is caused by illegal accessing memory when opening some special PDF documents.

Update available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.3.1.0218 Upgrade
___

- http://secunia.com/advisories/43329/
Release Date: 2011-02-25
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader 4.x
CVE Reference: CVE-2011-0332
... The vulnerability is confirmed in version 4.3.1.0118. Other versions may also be affected.
Solution: Update to version 4.3.1.0218.

- http://www.securitytracker.com/id/1025129
Feb 25 2011

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0332
Last revised: 02/28/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... before 4.3.1.0218..."

:fear:
 
Google Chrome v9.0.597.107 released

FYI...

Google Chrome v9.0.597.107 released
- http://www.computerworld.com/s/arti...rome_bugs_week_before_Pwn2Own_hacking_contest
March 1, 2011 - "Google on Monday patched 19 vulnerabilities in Chrome... update to Chrome 9.0.597.107..."
> http://googlechromereleases.blogspot.com/search/label/Stable updates
February 28, 2011 | 15:23 - "The stable channel has been updated to 9.0.597.107 for all platforms. This release contains... security fixes...."

- http://www.h-online.com/security/ne...date-proves-expensive-for-Google-1199922.html
1 March 2011 - "... Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button."
___

- http://secunia.com/advisories/43519/
Release Date: 2011-03-01
Criticality level: Highly critical
Impact: Unknown, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 9.0.597.107.

- http://www.securitytracker.com/id/1025133
Mar 1 2011

:fear:
 
iTunes v10.2 released

FYI...

iTunes 10.2.1 released
- http://support.apple.com/kb/DL1103
"... Resolves an issue whereby syncing photos to an iPhone, iPad, or iPod may take longer than expected..."
- http://support.apple.com/downloads/
iTunes 10.2.1 - March 08, 2011
___

iTunes v10.2 released
- http://www.securitytracker.com/id/1025152
Mar 3 2011
Impact: A remote user can cause arbitrary code to be executed on the target user's system.
Solution: The vendor has issued a fix (10.2).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT4554
March 02, 2011 ... security content of iTunes 10.2...

- http://support.apple.com/kb/HT1222

- http://support.apple.com/downloads/

- http://secunia.com/advisories/43582/
Release Date: 2011-03-03
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple iTunes 10.x
Solution: Update to version 10.2.

- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=897

:fear:
 
Google Chrome v10.0.648.127 released

FYI...

Google Chrome v10.0.648.127 released
- http://secunia.com/advisories/43683/
Release Date: 2011-03-09
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Exposure of system information, System access
Where: From remote...
Solution: Upgrade to version 10.0.648.127.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
___

- https://www.computerworld.com/s/art...ssues_last_minute_Chrome_fixes_before_Pwn2Own
March 8, 2011 04:09 PM ET - "... Pwn2Own hacking contest starts Wednesday in Canada... fixes 25 flaws..."

:fear:
 