Archive for the 'Security-Vulnerabilities' Category


Ruby on Rails urgent update

Thursday, August 10th, 2006

A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compatible with 1.1.4; all previous versions appear to be vulnerable.

Clamav 0.88.4 and prior DoS

Monday, August 7th, 2006

According to incidents.org, a denial of service vulnerability has been noted in all versions of ClamAV prior to 0.88.4 (inclusive). At incidents’ last report, the download for 0.88.4 was back after disappearing for a while, which seemed to indicate a fix; however, I wasn’t aware 0.88.4 had been released before today (?). It looks as […]

Vista’s fatal flaw?

Monday, August 7th, 2006

Backwards compatibility. It’s something that many vendors strive for, and Microsoft is certainly one that has placed a value on making things backwards compatible for third-party software. According to this story at Sci-Tech Today, Symantec thinks this eagerness to be backwards compatible may be a big issue for Vista’s security. They expect several “privilege […]

Another WMF exploit??

Monday, August 7th, 2006

Security Focus has a brief that refers to a WMF zero-day vulnerability that affects Windows XP SP2. I suspect this may get a bit of coverage throughout the day. It appears as though there are actually 3 issues cited.

Wireless Driver Vulnerabilities

Wednesday, August 2nd, 2006

There are a couple of notes to pass along with regard to some pretty serious vulnerabilities in various wireless network adapter drivers. First, SANS has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-Secure chimes in on this, noting that the download […]

Time for Apple Mac OS X updates again

Tuesday, August 1st, 2006

From the look of it, Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs, if you will, from older *nix-based systems. This is […]

Another McAfee security product flaw

Tuesday, August 1st, 2006

SANS has info on a security flaw affecting several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For your information, here are the affected products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, […]

WordPress 2.0.4 Update

Tuesday, August 1st, 2006

It has been a few days now, but I noticed that WordPress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes. So, if you’re running a site based on WordPress, it’s time to update. It’s really a […]

Microsoft issues advisory on PowerPoint flaw

Tuesday, July 18th, 2006

Here’s the link to Microsoft’s advisory. The main workaround seems to be…. Don’t open or save PowerPoint attachments that you receive from untrusted sources, OR that you receive unexpectedly from trusted sources…. So, the only real workaround is what SHOULD be common practice. Whether or not there is a vulnerability in the news you should […]

Linux Local kernel vulnerability

Friday, July 14th, 2006

SANS has a story on another local kernel vulnerability for Linux. I’ve got to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have talked about remote vulnerabilities. Usually local vulnerabilities are flaws that allow a user who’s already logged into a system to escalate their user rights […]
