Blogs

VMSA-2010-0004 ESX Service Console and vMA third party updates

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Affected Software:

VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
ESX400-201002406-SG

VMware vMA 4.0 before patch 3

Vulnerabilities range from DoS, to arbitrary code execution, to access
restriction bypass.

Please see the URL above for more information.
Thanks,
Brian

Apache HTTP Server (httpd) 2.2.15 Released - includes security fixes

http://www.apache.org/dist/httpd/Announcement2.2.html

Version 2.2.15 fixes these three vulnerabilities.

* important: mod_isapi module unload flaw CVE-2010-0425 (Windows)
* low: Subrequest handling of request headers (mod_headers) CVE-2010-0434
* moderate: mod_proxy_ajp DoS CVE-2010-0408

It is recommended that Apache be updated to the latest code version.

Thanks,
ep

SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

http://www.securityfocus.com/bid/38578/info

A lack of input sanitization could lead to arbitrary code execution on
systems using the spamassassin milter plugin. The exploit given
specifically targets PostFix installations, however, this issue may
affect other mail services as well.

SpamAssassin Milter Plugin 0.3.1 is affected, although other versions
may be affected as well. v0.3.1 was released in April 2006.

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

http://drupal.org/node/731710

Multiple vulnerabilities in Drupal 6.x before version 6.16 and Drupal
5.x before version 5.22 have been fixed in the latest release. These
vulnerabilities include:

* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration

Priority 4: This vulnerability has a lower probability of exploitation,
but should still be mitigated.

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

http://drupal.org/node/731710

Multiple vulnerabilities in Drupal 6.x before version 6.16 and Drupal
5.x before version 5.22 have been fixed in the latest release. These
vulnerabilities include:

* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration

Priority 4: This vulnerability has a lower probability of exploitation,
but should still be mitigated.

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

http://drupal.org/node/731710

Multiple vulnerabilities in Drupal 6.x before version 6.16 and Drupal
5.x before version 5.22 have been fixed in the latest release. These
vulnerabilities include:

* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration

Priority 4: This vulnerability has a lower probability of exploitation,
but should still be mitigated.

Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability

http://www.securityfocus.com/bid/38326/info

"Samba is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to corrupt system files,
resulting in a denial-of-service condition. Other attacks may be possible.

Samba 3.4.5 and earlier are vulnerable."

It is recommended to update to the latest version of samba to avoid this
vulnerability. Due to the nature of this vulnerability, it should be
treated as:

Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability

http://www.securityfocus.com/bid/38326/info

"Samba is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to corrupt system files,
resulting in a denial-of-service condition. Other attacks may be possible.

Samba 3.4.5 and earlier are vulnerable."

It is recommended to update to the latest version of samba to avoid this
vulnerability. Due to the nature of this vulnerability, it should be
treated as:

Opera 10.50 (with Opera Widgets for Desktop) for Windows released

http://www.opera.com/docs/changelogs/windows/1050/

This release of Opera includes two security updates:

* Fixed vulnerability in Renegotiation feature of the TLS protocol
* Fixed a moderately severe security issue; details will be disclosed at
a later date.

It is recommended that Opera users on Windows platforms update their
browsers to the latest release.

Thanks,
Brian

Pages