Blogs

Adobe working on new automatic (silent) updater

http://blogs.zdnet.com/security/?p=5178

"Adobe plans to implement a new silent update utility that will patch
security holes automatically. The tool will be configurable so that
users can be prompted first before new versions are installed. A beta
for the tool is expected to be released sometime within this month."

This is good news, seeing how many Adobe flaws have been exploited over
the past year. Look for updates later this month.

Thanks,
ep

gd security update for RHEL

http://rhn.redhat.com/errata/RHSA-2010-0003.html

"A missing input sanitization flaw, leading to a buffer overflow, was
discovered in the gd library. A specially-crafted GD image file could
cause an application using the gd library to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-3546)

Users of gd should upgrade to these updated packages, which contain a
backported patch to resolve this issue."

Thanks,
ep

Spamassassin Y2K10 Rule Bug

http://spamassassin.apache.org/

A bug fixed for Y2K in SpamAssassin unfortunately left another bug for
2010. This caused the rule FH_DATE_PAST_20XX to fire on every email sent
in 2010.

Depending on how your rules are structured, this could lead to mails
being marked as spam.

SpamAssassin has a patch available that fixes this error. If you
cannot run sa-update to install the patch, you can disable this check by
putting:

score FH_DATE_PAST_20XX 0
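
How the rule bug and the score override behave, as an added example that is not part of the original post or SpamAssassin's own code: it parses a rule file and reports the first year in which a Date header would score. The rule text is constructed, and the two patterns (`/20[1-9][0-9]/` before the fix, `/20[2-9][0-9]/` after) and the score of 3.0 are assumptions to check against your installed rules.

```python
import re

RULE = "FH_DATE_PAST_20XX"

# Constructed rule text. The header pattern and the score are assumptions
# about the affected rule file; compare them with your own installed rules.
AFFECTED_RULES = """\
header   FH_DATE_PAST_20XX  Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX  The date is grossly in the future.
score    FH_DATE_PAST_20XX  3.0   # constructed value
"""
# Assumed corrected pattern: only 2020 and later count as "in the future".
FIXED_RULES = AFFECTED_RULES.replace("20[1-9]", "20[2-9]")
# The workaround from the post: a later score line overrides the earlier one.
WORKAROUND = AFFECTED_RULES + "score FH_DATE_PAST_20XX 0\n"


def parse_rule(config, name=RULE):
    """Return (compiled Date regex, effective score) for a header rule."""
    pattern, score = None, None
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"header\s+(\S+)\s+Date\s*=~\s*/(.+?)/", line)
        if m and m.group(1) == name:
            pattern = re.compile(m.group(2))
        m = re.match(r"score\s+(\S+)\s+(-?[\d.]+)", line)
        if m and m.group(1) == name:
            score = float(m.group(2))  # the last score line wins
    return pattern, score


def first_year_flagged(config, years=range(2000, 2031)):
    """First year whose Date header earns a non-zero score, or None."""
    pattern, score = parse_rule(config)
    if pattern is None or not score:
        return None
    for year in years:
        date_header = f"01 Jan {year} 09:15:00 -0500"  # constructed header
        if pattern.search(date_header):
            return year
    return None


if __name__ == "__main__":
    for label, cfg in [("affected", AFFECTED_RULES), ("fixed", FIXED_RULES),
                       ("workaround", WORKAROUND)]:
        print(label, first_year_flagged(cfg))
```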

Security update release of Sendmail 8.14.4

http://www.sendmail.org/releases/8.14.4

Sendmail has released a new version which fixes a few security bugs
surrounding certificates and encryption. Various other bugs were fixed
as well.

It is recommended that vulnerable versions of Sendmail be updated to the
latest copy. As of this writing, Red Hat has not officially released an
update, but will probably release one soon.

Thanks,
ep
