Blogs

[DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th

http://seclists.org/fulldisclosure/2010/Jan/397

For anyone still on Debian 4.0, now is a good time to work on a
migration plan to Debian 5.0. Debian will stop releasing security
updates after February 15th for 4.0.

This is also a good time for Ubuntu users to check their distribution
for similar announcements. Ubuntu is based on Debian.

Thanks,
Brian

[DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th

http://seclists.org/fulldisclosure/2010/Jan/397

For anyone still on Debian 4.0, now is a good time to work on a
migration plan to Debian 5.0. Debian will stop releasing security
updates after February 15th for 4.0.

This is also a good time for Ubuntu users to check their distribution
for similar announcements. Ubuntu is based on Debian.

Thanks,
Brian

RHEL5 kernel security and bug fix update

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Here is a new kernel update, unrelated to the last update sent out 9
days ago. It fixes a myriad of new problems including Denial of
Service, Privilege Escalation, kernel panic, file rewrite, and
information leaks to name a few.

It is recommended that RHEL5 systems be updated and rebooted to mitigate
the risk from these issues.

Thanks,
Brian

RHEL5 kernel security and bug fix update

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Here is a new kernel update, unrelated to the last update sent out 9
days ago. It fixes a myriad of new problems including Denial of
Service, Privilege Escalation, kernel panic, file rewrite, and
information leaks to name a few.

It is recommended that RHEL5 systems be updated and rebooted to mitigate
the risk from these issues.

Thanks,
Brian

Adobe Shockwave Player Four Integer Overflow Vulnerabilities

http://secunia.com/secunia_research/2009-63/

"Affected: Adobe Shockwave Player 11.5.2.602"

"Secunia Research has discovered four vulnerabilities in Adobe
Shockwave Player, which can be exploited by malicious people to
compromise a user's system.

The vulnerabilities are caused by four integer overflow errors
when processing a certain block type. These can be exploited to cause
heap-based buffer overflows via specially crafted Shockwave files.

Adobe Shockwave Player Four Integer Overflow Vulnerabilities

http://secunia.com/secunia_research/2009-63/

"Affected: Adobe Shockwave Player 11.5.2.602"

"Secunia Research has discovered four vulnerabilities in Adobe
Shockwave Player, which can be exploited by malicious people to
compromise a user's system.

The vulnerabilities are caused by four integer overflow errors
when processing a certain block type. These can be exploited to cause
heap-based buffer overflows via specially crafted Shockwave files.

Cisco IOS XR Software SSH Denial of Service Vulnerability

http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

"The SSH server implementation in Cisco IOS XR Software contains a
vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition."

"Products Confirmed Not Vulnerable

SSH server implementations in Cisco IOS Software and Cisco IOS XE
Software are not affected by this vulnerability."

Cisco IOS XR Software SSH Denial of Service Vulnerability

http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

"The SSH server implementation in Cisco IOS XR Software contains a
vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition."

"Products Confirmed Not Vulnerable

SSH server implementations in Cisco IOS Software and Cisco IOS XE
Software are not affected by this vulnerability."

Pages