This update fixes remote code execution and other vulnerabilities in
these Mozilla products.
"The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a
use-after-free vulnerability, which may allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system."
There is currently no solution to this issue. The following workarounds
VMware vCenter and ESX update releases address cross-site scripting
issues in the Help functionality of WebAccess. A vCenter Lab Manager
release addresses the same issues which are present in the online
Help functionality of Lab Manager and Stage Manager.
2. Relevant releases
Six CVEs were addressed in new kernel updates for RHEL5, ranging
from local privilege escalation to information leak to DoS.
It is recommended that RHEL5 systems be patched and rebooted during the
next update cycle.
Forbes compiled a list of the seven Most-Hacked software titles for 2009. They took a survey of security professionals from various companies including Verisign, TippingPoint, iDefense and Qualys. Based on this survey, Forbes found that the following were the most hacked software titles from 2009.
"The PostgreSQL Project developers have announced the release of
security updates for their popular open source object-relational
database. The current versions of PostgreSQL are now 8.4.2, 8.3.9,
8.2.15, 8.1.19, 8.0.23 and 7.4.27.
Looks like a bug in GNU GRUB 1.97 on Ubuntu 9.10 is significantly
decreasing the viability of grub passwords. It appears that grub is
only checking the first character of the password, reducing the
effective password strength to a single character.
This reminds me of the days of Windows 95/3.1 where you could bypass the
screensaver just by hitting the right sequence of keys.
This vulnerability specifically affects Ubuntu, but may apply to
other installations of v2.28 as well.
Testing the exploit under Fedora 11 and 12 does not reproduce the issue.
Ubuntu users should update their machines to the
latest version of gnome-screensaver to avoid this issue.
A moderate security vulnerability could allow a malicious user on a
guest VM to cause a denial of service (DoS) on the underlying host.
This patch also fixes a few other non-security-related bugs in the
software, as explained at the above link.
It is recommended to update to a version of KVM that includes these