ep's blog

Security updates available for Adobe Illustrator CS4 and CS3

http://www.adobe.com/support/security/bulletins/apsb10-01.html

"Critical vulnerabilities have been identified in Adobe Illustrator CS4
(14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier versions), on the
Windows and Macintosh operating systems. The vulnerabilities could lead
to arbitrary code execution. Adobe has provided a solution for the
reported vulnerabilities. It is recommended that users update their
installations".

Thanks,
ep

Multiple Vendors libc/gdtoa printf(3) Array Overrun

http://securityreason.com/achievement_securityalert/63

A new version of libc/gdtoa includes an overrun vulnerability. This
core component affects many OSs and programs, including:

OpenBSD
NetBSD
FreeBSD
MacOS X

Google Chrome
Mozilla Firefox
Mozilla SeaMonkey
Opera
KDE
K-Meleon

OS and software updates should be released soon to fix this issue. It
could lead to arbitrary code execution for any of these software titles.

NetworkManager Security Bypass and Information Disclosure Vulnerabilities

http://www.securityfocus.com/bid/37580/info

"NetworkManager is prone to a security-bypass vulnerability and an
information-disclosure vulnerability.

Attackers can exploit theses issues to obtain sensitive information or
entice a user to connect to a network without certificate verification.

NetworkManager 0.7.2 is vulnerable; other versions may also be affected."

Kingston flash drives suffer password flaw

http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm

"Kingston Technology has asked customers to return certain models of its
DataTraveler secure flash drives for an update, following the discovery
of a flaw in the memory sticks.

The affected models include the DataTraveler BlackBox; DataTraveler
Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition.

The flaw lies in how the drives process passwords, Jim Selby, Kingston's
manager of European product marketing, told ZDNet UK on Monday.

"The encryption itself is sound, but there is a small loophole regarding
the pro

Pages